Mobile network hackers draining bank accounts with SS7 after many prior warnings

What is SS7?

SS7, or Signaling System 7, is an international telecommunications standard that defines how network elements in a public switched telephone network (PSTN) exchange information over a digital signaling network.

What are the issues with SS7?

Security experts have warned for years about security issues within the Signaling System 7 protocol.

Exploiting these issues can allow an attacker to forward calls, which makes it possible to record or listen in on a victim's calls. An attacker could also read SMS messages sent between mobile phones, and track the location of a phone or mobile device, using the same system that the phone networks use to help keep a constant service available and deliver phone calls, texts and data.

Researchers previously demonstrated that SS7 security is completely flawed: an attacker with internal access to a telco could obtain access to any specific carrier's backend in the world via SS7, and therefore potentially track a phone's location, read or manipulate messages, and even listen to phone calls.

How does this translate to bank accounts being hacked by SS7?

In this particular case, attackers exploited a two-factor authentication system based on transaction authentication numbers, used by German banks. A user of the service gets a code sent to their phone in order to transfer funds between accounts.

The hackers' first step was to spam malware to victims' computers; once deployed, it collected the account balance, login credentials including passwords, and the victim's mobile number. The attackers then purchased access to a rogue telecommunications provider and set up a redirect for the victim's mobile phone number to a device controlled by the attackers.

The final part involved the attackers logging into the victims' online bank accounts (ideally when the target would be idle) and then transferring money out. When the transaction numbers were transmitted, they were obtained by the attackers, who then simply confirmed the transaction.
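From the bank's side, the chain above leaves one observable signal: the transaction number is sent to a phone number whose routing changed shortly beforehand. The sketch below is an added example, not part of the original article; the routing-change feed, the event field names and the 24-hour window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumption: a redirect set up this soon before a code is sent is suspicious.
REDIRECT_WINDOW = timedelta(hours=24)

# Constructed sample events, not real data. "routing_change" stands for a
# hypothetical carrier-side notification that a number's routing was altered.
EVENTS = [
    {"ts": "2024-01-10T22:00:00", "type": "routing_change", "number": "victim-1"},
    {"ts": "2024-01-11T02:12:00", "type": "tan_sent", "number": "victim-1", "transfer": "T1"},
    {"ts": "2023-12-01T08:00:00", "type": "routing_change", "number": "customer-2"},
    {"ts": "2024-01-11T09:30:00", "type": "tan_sent", "number": "customer-2", "transfer": "T2"},
    {"ts": "2024-01-11T10:00:00", "type": "tan_sent", "number": "customer-3", "transfer": "T3"},
    {"ts": "2024-01-11T11:00:00", "type": "tan_sent", "number": "customer-4", "transfer": "T4"},
    {"ts": "2024-01-11T11:05:00", "type": "routing_change", "number": "customer-4"},
]


def transfers_to_hold(events, window=REDIRECT_WINDOW):
    """Return ids of transfers whose code went to a recently rerouted number."""
    last_change = {}  # number -> time of the most recent routing change seen
    held = []
    # Process in time order so a change that happens after the code was sent
    # is never counted against that transfer.
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "routing_change":
            last_change[ev["number"]] = ts
        elif ev["type"] == "tan_sent":
            changed = last_change.get(ev["number"])
            if changed is not None and ts - changed <= window:
                held.append(ev["transfer"])
    return held


if __name__ == "__main__":
    print(transfers_to_hold(EVENTS))
```

Only the transfer whose code was sent a few hours after the redirect is held; an old routing change, no change at all, or a change after the code was sent does not trigger it.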
