Unknown hackers have recently exploited design flaws in the Signaling System 7 (SS7) to drain victim’s bank accounts.
SS7 is a telephony signaling protocol used to interconnect and exchange data such as routing calls, texts, roaming, and other services. SS7 is vulnerable to several design flaws that allow hacker to listen to phone calls and intercept texts. These weaknesses have been exploited to bypass two-factor authentication that banks use for withdrawals.
The attack redirects incoming SMS messages for customers to the attackers. Through a series of trojans, the attackers gain all information needed outside of the one-time passcodes banks send to users. The attackers intercept the authentication codes in order to gain access and drain bank accounts.Return To Article