Wireless Carrier Caught Red-Handed Injecting Ads Into Customers' SMS Messages
Advertisements are everywhere. You can find them on TV, on the Internet, on billboards, in your mail, and now within your text messages sent from reputable sources. Earlier this week, developer Chris Lacy posted to Twitter about an "SMS AD" attached to a Google verification code sent to his phone.
On Monday, Lacy initially tweeted that he had "received a two factor authentication SMS from Google that included an ad," and that, amusingly, "Google's own Messages SMS app flagged it as spam." After that initial tweet took off, some Google employees chimed in, explaining that this is most definitely not from Google.
Therefore, that leaves Lacy's cell provider in Australia, which is well within its right, or at least capability, to do this. SMS messages, colloquially texts, are not encrypted in any way; thus, a cell carrier can read, modify, and even fabricate texts to you. Ultimately, this is a massive breach of trust, especially when it comes to messages like Google verification codes which are quite sensitive.
Though Lacy refrained from publicly posting his carrier, it appears that Google is now working with the Australian company to stop this from happening. Furthermore, this is a good reminder that SMS messages are not secure, and people should use apps like Signal for more sensitive conversations; otherwise, you could end up with ads attached to your texts in the future.