First confirmed robbery using SS7
After years of warnings, criminals are now exploiting flaws in the SS7 (Signaling System No. 7) protocol to steal from bank accounts. Experts have been warning for years about security holes in the Signaling System 7 protocol, which mobile phone networks use to communicate with each other.
These shortcomings can be abused, for example, to redirect people’s calls and text messages to devices controlled by wrongdoers. We have now seen the first case of thieves exploiting these design flaws.
O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have been robbed through a two-stage attack that exploits SS7.
In other words, thieves exploited SS7 to intercept two-factor authentication codes sent to online banking customers, allowing them to empty the customers’ accounts. The thefts occurred in recent months, according to multiple sources.
In 2014, researchers showed that SS7, which was created in the 1980s by telecommunications companies to allow cellular networks and some landlines to interconnect and exchange data, is fundamentally flawed. Someone with internal access to a telecommunications company, such as a corrupt employee, can reach the backend of any other company in the world via SS7 to track the location of a phone, read or redirect messages, and even listen to calls.
In this case, the attackers exploited the two-factor transaction authentication system used by German banks. Bank customers must receive a code on their phone before funds are transferred between accounts.
The criminals first sent malware to victims’ computers, which collected their bank account balance, login details and passwords for their accounts, along with their mobile phone number. They then bought access to a dishonest telecommunications provider and set up a redirect from the victim’s mobile phone number to a phone controlled by the attackers.
The attackers then logged into the victims’ online bank accounts and transferred the money. When the transaction numbers were sent, they went to the criminals, who then finalized the transaction.
While security experts and some politicians have been warning about this type of attack, telecommunications companies have done nothing to address the problem.
To make matters worse, Diameter, the proposed replacement for SS7 on 5G networks, also has security holes, according to the Security Council of the FCC, the United States communications watchdog.
Hopefully, this first publicly confirmed attack will spur redoubled efforts to solve the problems with SS7, at least in Europe, where Germany has a leading position.