Hackers exploit SS7 vulnerability to bypass two-factor authentication and drain bank accounts.

Two-factor authentication may be the best way of keeping our online accounts safe, but even this system has vulnerabilities. In Germany, a known security flaw in a networking protocol used by cellphone providers has been exploited to drain funds from bank accounts.

German newspaper Süddeutsche Zeitung reports that the unidentified attackers took advantage of a security hole in Signaling System No. 7, a telephony signaling protocol used by over 800 telecommunication companies. Also known as SS7, it allows the world’s cellular carriers to route calls, texts, and other services to each other.

Hackers can expoit SS7 to intercept text messages, listen in on phone calls, and track users’ locations. In this instance, thieves used the protocol to circumvent the two-factor authentication banks use when account holders perform withdrawals.



By Rob Thubron.
Full story at Tech Spot.