The attack only works if the AWS SNS account holder is not using the protected sanbox option. The SNS sandbox, which AWS implements by default, lets users test their SMS messages by first sending them ...