It’s time to stop using SMS for anything.

By now most infosec professionals are aware of various ways SMS text messaging can be hijacked. For example so-called “SIM Swap” attacks, SS7 attacks, Port-out fraud, etc. All of these attacks however do require some level of sophistication, whether it be high level access to SS7, or account information or social engineering to successfully port out the phone number to a new provider or swap the sim on the existing account.

There is however other vulnerabilities that are not particularly well known. For VoIP numbers in particular, which may be assigned to a…