Hackers exploit SS7 vulnerability to bypass two-factor authentication and drain bank accounts

The SS7 security hole has been known for years Two-factor authentication may be the best way of keeping our online accounts safe, but even...

The SS7 security hole has been known for years

Two-factor authentication may be the best way of keeping our online accounts safe, but even this system has vulnerabilities. In Germany, a known security flaw in a networking protocol used by cellphone providers has been exploited to drain funds from bank accounts.

German newspaper Süddeutsche Zeitung reports that the unidentified attackers took advantage of a security hole in Signaling System No. 7, a telephony signaling protocol used by over 800 telecommunication companies. Also known as SS7, it allows the world’s cellular carriers to route calls, texts, and other services to each other.

Hackers can expoit SS7 to intercept text messages, listen in on phone calls, and track users’ locations. In this instance, thieves used the protocol to circumvent the two-factor authentication banks use when account holders perform withdrawals.

The hackers infected victims’ computers using traditional malware, allowing them to steal login and password credentials. They then drained the online accounts by using the SS7 vulnerability to redirect the text messages sent by the banks containing the mTANs (mobile transaction authentication numbers).

"Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January," said a spokesperson for Germany's O2 Telefonica. "The attack redirected incoming SMS messages for selected German customers to the attackers."

Rep. Ted Lieu, who along with Sen. Ron Wyden sent a joint letter to FCC chairman Ajit Pai earlier this year highlighting the dangers of the SS7 flaw, has released a statement regarding the German incident.

Everyone's accounts protected by text-based two-factor authentication, such as bank accounts, are potentially at risk until the FCC and telecom industry fix the devastating SS7 security flaw. Both the FCC and telecom industry have been aware that hackers can acquire our text messages and phone conversations just knowing our cell phone number. It is unacceptable the FCC and telecom industry have not acted sooner to protect our privacy and financial security. I urge the Republican-controlled Congress to hold immediate hearings on this issue.


http://www.techspot.com/news/69201-hackers-exploit-ss7-vulnerability-bypass-two-factor-authentication.html
Name

English News techspot.com
false
ltr
item
Techno - Gampong IT - Reference Information Technology: Hackers exploit SS7 vulnerability to bypass two-factor authentication and drain bank accounts
Hackers exploit SS7 vulnerability to bypass two-factor authentication and drain bank accounts
http://www.techspot.com/images2/news/bigimage/2017/05/2017-05-05-image-2.jpg
Techno - Gampong IT - Reference Information Technology
http://techno.gampongit.com/2017/05/hackers-exploit-ss7-vulnerability-to.html
http://techno.gampongit.com/
http://techno.gampongit.com/
http://techno.gampongit.com/2017/05/hackers-exploit-ss7-vulnerability-to.html
true
7281475864779722461
UTF-8
Tidak ditemukan artikel apapun LIHAT SEMUA Selengkapnya Balas Batal Balas Hapus Oleh Beranda HALAMAN ARTIKEL Lihat Semua REKOMENDASI LABEL ARSIP SEARCH SEMUA ARTIKEL Tidak ditemukan posting yang sesuai dengan permintaan Anda Halaman Utama Minggu Senin Selesa Rabu Kamis Jumat Sabtu Min Sen Sel Rab Kam Jum Sab Januari Februari Maret April Mei Juni Juli Agustus September Oktober November Desember Jan Feb Mar Apr Mei Jun Jul Agu Sep Okt Nov Des baru saja 1 menit lalu $$1$$ minutes ago 1 jam lalu $$1$$ hours ago Kemarin $$1$$ days ago $$1$$ weeks ago lebih dari 5 minggu yang lalu Pengikut Ikuti KONTEN PREMIUM Silakan share untuk membuka Salin Semua Code Pilih Semua Code Semua kode disalin ke clipboard Anda Tidak dapat menyalin kode/teks, silakan tekan [CTRL] + [C] (atau CMD + C dengan Mac) untuk menyalin