SS7 Flaws Exploited in Attacks Against Mobile Users Bank Accounts

  /     /     /  
Publicated : 22/11/2024   Category : security


SS7 Flaws Exploited in Attacks Against Mobile Users Bank Accounts


Cyberthieves exploited long-known vulnerabilities in the Signaling System 7 (SS7) protocol, attacking bank accounts in Germany by intercepting two-factor authentication codes sent to mobile phones.



Cyberthieves exploited long-known vulnerabilities in the Signaling System 7 (SS7) protocol, wiping out bank accounts in Germany after intercepting the two-factor authentication codes sent to mobile phones for online banking customers, according to a report in The Register.
The SS7 vulnerabilities, demonstrated by researchers back in 2014, could allow hackers to read or redirect text messages, listen to phone calls, and track the phones location.
In this particular case, cybercriminals loaded malware onto victims computers that allowed them to glean bank account logins and passwords, view account balances, and capture mobile phone numbers, according to the report. Access to an unscrupulous telecommunications provider was then purchased and the victims mobile phone number was redirected to another phone that the cyberthieves controlled.
The attackers, according to the report, tended to access the victims online bank accounts late at night. They intercepted the two-factor authentication codes and completed the money transfer transaction.
The Diameter protocol, the upcoming SS7 replacement for 5G networks, is apparently not any safer. It also has vulnerabilities, as well, notes the Federal Communications Commissions Legacy Systems Risk Reductions
final report
, produced by its Communications, Security, Reliability and Interoperability Council.
Read more about the SS7 exploit
here
.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
SS7 Flaws Exploited in Attacks Against Mobile Users Bank Accounts