A known security flaw in the Signaling System 7 (SS7) protocol, which controls the way mobiles exchange calls and text messages across the globe, has been used by cyber criminals to crack into the European bank accounts.
According to German newspaper Süddeutsche Zeitung the vulnerability was exploited in January and used to bypass the two-factor authentication European banks were using to secure access to customer accounts.
The attackers were able to use SS7 to redirect text messages used by the banks to send one-time-use passwords to their own numbers then use ‘mobile transaction authentication numbers (mTANs) to transfer money out of a targeted account.
“Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January,” a representative with Germany’s O2 Telefonica told Süddeutsche Zeitung . “The attack redirected incoming SMS messages for selected German customers to the attackers.”
The unidentified network has since been blocked, and affected people have been warned of their bank account breach.
However, the SS7 security hole remains and has been in place since it first came to light in 2008. Awareness of the hole in a protocol that allows mobiles to functions with each other across the world, has been low and the risk of the SS7 vulnerability was deemed to be low.
With such bank accounts hack attacks, the flaw in SS7 has been dragged back out into the limelight and highlights that even small security holes can be exploited by savvy cyber criminals to great effects if left as they are.
The bank accounts attacks should act as a means to motivate telecoms companies to address it, though given the global reach of the protocol, that is not likely to be an easy task. So we will have to wait to see if the attacks will spur major providers to work on shutting out the vulnerability.
Such ‘baked in’ flaws in telecoms protocols should serve as a lesson to companies working on Internet of Things (IoT) devices and systems, which lack security standardisation to prevent them from being riddled with security holes ripe for exploitation in the near future.
Are you a security pro? Try our quiz!
Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…
Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…
Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…
Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…
While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…
Shares in Donald Trump’s social media company rose about 16 percent after first day of…