An old vulnerability in the Signalling System No. 7 (SS7) telecom network protocol was used by Positive Technologies researchers to access and steal data from a test account, which they had registered recently at Coinbase, a bitcoin exchange platform. It is thus, identified that through exploiting the SS7 flaw, an attacker could access text messages containing authentication codes and make financial transactions from the Bitcoin platform.
In its press release, Positive Technologies stated that this had already happened in spring of 2017 when cybercriminals managed to access text messages containing online banking authentication codes sent to customers of Telefonica Germany (O2), a German mobile rigid and used the codes to make financial transactions.
Positive Technologies’ research exposed that they just needed to use the SS7 flaw to compromise Coinbase account was the very first and last names and the phone number of the account holder and his Gmail address. Through exploiting the SS7 flaw, researchers intercepted SMS text messages sent to Gmail phone numbers and Coinbase users attempting to switch their passwords using two-factor authentication.
Whoever can access the SS7 system can also intercept texts containing verification codes which can be stolen by attackers to build up utter control of the accounts. In case of Coinbase, virtual funds can lightly be extracted from the account.
According to Positive Technologies’ head of telecommunications security department Dmitry Kurbatov:
“Unfortunately, it is still unlikely to opt out of using SMS for sending one-time passwords. It is the most universal and convenient two-factor authentication technology. All telecom operators should analyze vulnerabilities and systematically improve the subscriber security level.”
The SS7 system is used by telecom operators for ensuring total protection of text messages and telephone calls. It is a set of telephony signaling protocols that are used to set-up and rip down a majority of PSTN/public switched telephone network calls around the world.
Furthermore, it performs many significant functions like prepaid billing, local number portability, translation of numbers and SMS (brief messaging service) along with other main telecom services.
It was developed in 1975 while in 2008 it was identified to be vulnerable to hacking. In 2014, it was reported that the SS7 vulnerability could be used by governmental agencies and non-state actors alike to track the movements of mobile phone users from any location around the world with 70% accuracy.
Positive Technologies collective a movie detailing the way a hacker can compromise a Gmail account through using basic information such as mobile number just because of the SS7 flaw. When hacking was successful, researchers showcased how the same SS7 flaw could be used to compromise a Bitcoin wallet.
Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.
more from hack read
Apple co-founder Steve Wozniak Launches ‘,Woz U’ Online Tech Education Platform
Hundreds Of websites mining cryptocurrency without user consent
Fresh Android Ransomware Permanently Switches PIN, Requests Ransom
Google Home Mini Secretly Recorded Conversations Due to “Flawed Touch Panel”
Smooch Goodbye to Privacy: Microsoft Introduces Cortana for Skype
Add your comments:
is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in Milan, Italy