Hackers can take advantage of a weakness in SS7 (Signalling System 7), the core signalling protocol in fixed & mobile telecommunications networks, that could enable them to steal data, eavesdrop, intercept text messages, track people’s locations and swindle money from bank accounts.
The security of the design of SS7 (Signalling System 7) is based entirely on trust.
The SS7 refers to the Common Channel Interoffice Signalling 7 (CCIS7) or the Signalling System 7 (SS7). The SS7 is the protocol in the mobile phones that checks and monitors how the text messages and calls are governed and exchanged by mobile phones.
These days, most of the banks offer a two-factor authentication, where the customers receive a one time temporary password (OTP). It is to be used after entering the regular ID and password for undertaking bank transactions.
If someone is capable of accessing the customers’ text message by hacking the vulnerabilities of SS7, they gain access to the text messages and OTPs. The hacking is done at the level of the telecom companies, and there isn’t much that the customers and the banks can do in this regard to prevent or counter the attack.
And, this is exactly what has happened.
According to Suddeutsche Zeitung, the aforementioned German newspaper, hackers were able to attack SS7 in January 2017, and thus, swindled money from the accounts of bank customers. The newspaper has reported the modus operandi of the hackers.
They first, through phishing attacks, gained access to the primary login credentials of their victims. Afterwards, they attacked the SS7 to transact money from the accounts.
One of the main telecom companies affected by the January attack was O2-Telefonica. The attack meant that the incoming text messages with the OTPs were diverted to the hackers, who in turn, used them to pull money from the accounts of the victims.
According to the director of telecoms security at Positive Technologies, Michael Downs, the future of 4G and 5G networks aren’t secure. Going forward, these vulnerabilities can lead to severe damages as a lot more devices will have telecommunication capabilities with the advent of the Internet of Things (IoT).
Telecom companies need to take immediate action and prevent such breaches from happening again.
Latest posts by Edmondo Burr (see all)
- Police Arrest Suspect In Supermarket Baby Food Poisoning - October 1, 2017
- Seoul Secures Data From Electromagnetic Interference By N Korea - September 30, 2017
- The ‘World’s First Internet War’ Has Begun: Julian Assange - September 30, 2017