After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts • The Register

https://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/

O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7: Thieves exploited SS7 to intercept two-factor authentication codes sent to online banking customers.

Is this the beginning of the end for the use of SMS for two-factor authentication? SS7 was known to be risky for years – now those risks have been realized.

4 Comments

  1. Tomi Engdahl says:

    Hackers Exploit SS7 Flaws to Loot Bank Accounts
    http://www.securityweek.com/hackers-exploit-ss7-flaws-loot-bank-accounts

    Cybercriminals have exploited vulnerabilities in the SS7 protocol to bypass security mechanisms and steal money from bank accounts. Researchers have warned about the threat for years and these types of attacks have recently become a reality.

    SS7, which stands for Signalling System No. 7, is a telephony signaling protocol used by telecommunications providers worldwide. It allows the customers of different networks to communicate with one another and ensures that calls are not interrupted when users are traveling over longer distances.

    SS7 was developed back in 1975 and it does not include any protection or authentication, making it easy for third-parties to connect to the SS7 network.

    The fact that SS7 has serious weaknesses has been known for years and researchers have often warned that malicious actors could leverage them to locate subscribers, intercept calls and SMS messages, and conduct fraud.

    The first case of malicious actors exploiting SS7 flaws to make a profit has now come to light. German newspaper Süddeutsche Zeitung reported on Wednesday that cybercriminals had relied on SS7 attacks to bypass two-factor authentication (2FA) systems and conduct unauthorized wire transfers.

  2. Tomi Engdahl says:

    Signalling System No. 7
    https://en.wikipedia.org/wiki/Signalling_System_No._7

    Signalling System No. 7 (SS7) is a set of telephony signaling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.

    In North America it is often referred to as CCSS7, abbreviated for Common Channel Signalling System 7. In the United Kingdom, it is called C7 (CCITT number 7), number 7 and CCIS7 (Common Channel Interoffice Signaling 7). In Germany, it is often called N7 (Signalisierungssystem Nummer 7).

    The only international SS7 protocol is defined by ITU-T’s Q.700-series recommendations in 1988.[1] Of the many national variants of the SS7 protocols, most are based on variants of the international protocol as standardized by ANSI and ETSI. National variants with striking characteristics are the Chinese and Japanese (TTC) national variants.

    The Internet Engineering Task Force (IETF) has defined the SIGTRAN protocol suite that implements levels 2, 3, and 4 protocols compatible with SS7. Sometimes also called Pseudo SS7, it is layered on the Stream Control Transmission Protocol (SCTP) transport mechanism.

  3. Tomi Engdahl says:

    We Were Warned About Flaws in the Mobile Data Backbone for Years. Now 2FA Is Screwed.
    Financially-motivated hackers are using SS7 attacks to break into bank accounts.
    https://motherboard.vice.com/en_us/article/we-were-warned-about-flaws-in-the-mobile-data-backbone-for-years-now-2fa-is-screwed

    It has finally happened.

    For years, researchers, hackers, and even some politicians have warned about stark vulnerabilities in a mobile data network called SS7. These flaws allow attackers to listen to calls, intercept text messages, and pinpoint a device’s location armed with just the target’s phone number. Taking advantage of these issues has typically been reserved for governments or surveillance contractors.

    But on Wednesday, German newspaper The Süddeutsche Zeitung reported that financially-motivated hackers had used those flaws to help drain bank accounts.

    This is much bigger than a series of bank accounts though: it cements the fact that the SS7 network poses a threat to all of us, the general public. And it shows that companies and services across the world urgently need to move away from SMS-based authentication to protect customer accounts.

    “I’m not surprised that hackers take money that is ‘lying on the table’. I’m just surprised that online bank thieves took so long in joining spying contractors in abusing the global SS7 network,” Karsten Nohl, a cybersecurity researcher who has highlighted vulnerabilities in SS7, told Motherboard in an email.

  4. Tomi Engdahl says:

    Hackers are stealing money from Bank accounts in Germany by exploiting flaws in #SS7 protocol
    http://securityaffairs.co/wordpress/58735/hacking/ss7-protocol-cyber-heists.html

    The company O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung agency that some of its customers suffered cyber heists exploiting the SS7 flaws.
