Verizon is taking the most extreme measure. | Image by PhoneArena
Verizon recently announced that it will shut down its legacy email-to-text feature by March 31, 2027. As it turns out, that wasn't a random decision but rather stemmed from a security flaw that also impacted AT&T and T-Mobile.
Hackers can exploit a message translation and interpretation flaw
T-Mobile’s messaging gateway converting an email to a text. | Image by UC San Diego researchers
A security flaw that could let hackers fake their identity in smartphone texts has been patched in the US. The vulnerability was discovered by computer scientists at the University of California, San Diego, and affected iOS and Android devices across networks like AT&T, Verizon, T-Mobile, Google Fi, and Mint Mobile.
The bug traces back to a functionality rolled out by carriers in the early 2000s that let customers send text messages via email. Because emails and text messages use entirely different formatting rules, an imperfect translation process occurs in which a lot can get lost. Because carriers typically treated email information as authentic, experts found a way to exploit the gap.
Incongruous
Email and text don't work well together, per UC San Diego Department of Computer Science and Engineering professor Stefan Savage.
Recommended For You
Email and text messaging weren't designed to work together. It's a little bit like reading postcards to someone over the phone and needing to figure out where the sender and recipient information and the message itself are.
Stefan Savage, UC San Diego professor, June 2026
Things get worse when an email translated into text reaches the victim. While Android and iOS check the sender's identity against the contact list, attackers could hijack this process by inserting special characters to impersonate someone on the list. A masterfully crafted email address was enough to trip up a phone, causing it to mistake a cybercriminal for a known sender.
Even more alarmingly, researchers added text into the middle of existing, active chat threads with trusted contacts, though attackers wouldn't see the replies in such cases.
AT&T, Verizon, T-Mobile, and Google have changed the way email address fields are translated into texts to iron out the problem. Associated vulnerabilities in Google Messages and Apple Messages have also been addressed.
How does this report make you feel?
Unreliable
Verizon is shuttering the email-to-text feature. | Image by Verizon
The vulnerability thrived because the cellular ecosystem operates on the cozy assumption that the system that transmits text messages is reliable. It was compounded by the fact that there are no standards for converting emails to texts.
The report doesn't say whether the vulnerability has been exploited.
You can never be too careful
Reports like these are reminders that the most benign-looking features can put you in harm's way. The email-to-text feature isn't wildly popular, which is probably why it slipped through the cracks and took more than two decades to uncover.
Get Visible as low as $20/mo for 1 year. Limited time offer with code: FRESHSTART
$20
/mo
$25
$5 off (20%)
Offer Ends 6.1.2026 at 11.59pm ET. New members get $5/mo off the $25/mg Visible plan, $35/mo Visible+ plan, or $45/mo Visible+ Pro plan for the first 12 months. Promo code FRESHSTART required at checkout.
Anam Hamid is a computer scientist turned tech journalist who has a keen interest in the tech world, with a particular focus on smartphones and tablets. She has previously written for Android Headlines and has also been a ghostwriter for several tech and car publications. Anam is not a tech hoarder and believes in using her gadgets for as long as possible. She is concerned about smartphone addiction and its impact on future generations, but she also appreciates the convenience that phones have brought into our lives. Anam is excited about technological advancements like folding screens and under-display sensors, and she often wonders about the future of technology. She values the overall experience of a device more than its individual specs and admires companies that deliver durable, high-quality products. In her free time, Anam enjoys reading, scrolling through Reddit and Instagram, and occasionally refreshing her programming skills through tutorials.
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts:
New accounts created within the last 24 hours may experience restrictions on how frequently they can
post or comment.
These limits are in place as a precaution and will automatically lift.
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
Things that are NOT allowed:
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts: