SS7 Flaws Exploited in Attacks Against Mobile Users Bank Accounts

  /     /     /  
Publicated : 22/11/2024   Category : security

SS7 Flaws Exploited in Attacks Against Mobile Users Bank Accounts


Cyberthieves exploited long-known vulnerabilities in the Signaling System 7 (SS7) protocol, attacking bank accounts in Germany by intercepting two-factor authentication codes sent to mobile phones.


Cyberthieves exploited long-known vulnerabilities in the Signaling System 7 (SS7) protocol, wiping out bank accounts in Germany after intercepting the two-factor authentication codes sent to mobile phones for online banking customers, according to a report in The Register.
The SS7 vulnerabilities, demonstrated by researchers back in 2014, could allow hackers to read or redirect text messages, listen to phone calls, and track the phones location.
In this particular case, cybercriminals loaded malware onto victims computers that allowed them to glean bank account logins and passwords, view account balances, and capture mobile phone numbers, according to the report. Access to an unscrupulous telecommunications provider was then purchased and the victims mobile phone number was redirected to another phone that the cyberthieves controlled.
The attackers, according to the report, tended to access the victims online bank accounts late at night. They intercepted the two-factor authentication codes and completed the money transfer transaction.
The Diameter protocol, the upcoming SS7 replacement for 5G networks, is apparently not any safer. It also has vulnerabilities, as well, notes the Federal Communications Commissions Legacy Systems Risk Reductions
final report
, produced by its Communications, Security, Reliability and Interoperability Council.
Read more about the SS7 exploit
here
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
SS7 Flaws Exploited in Attacks Against Mobile Users Bank Accounts