Thieves Drain Protected Bank Accounts

Uploaded on 2017-05-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

A known security hole in the networking protocol used by cellphone providers around the world played a key role in a recent string of attacks that drained bank customer accounts.

The unidentified attackers exploited weaknesses in Signalling System No. 7, a telephony signaling language that more than 800 telecommunications companies around the world use to ensure their networks interoperate. SS7, as the protocol is known, makes it possible for a person in one country to send text messages to someone in another country.

It also allows phone calls to go uninterrupted when the caller is traveling on a train.

The same functionality can be used to eavesdrop on conversations, track geographic whereabouts, or intercept text messages. Security researchers demonstrated this dark side of SS7 last year when they stalked US Representative Ted Lieu using nothing more than his 10-digit cell phone number and access to an SS7 network.

In January, thieves exploited SS7 weaknesses to bypass two-factor authentication banks used to prevent unauthorized withdrawals from online accounts. Specifically, the attackers used SS7 to redirect the text messages the banks used to send one-time passwords. 

Instead of being delivered to the phones of designated account holders, the text messages were diverted to numbers controlled by the attackers. The attackers then used the mTANs, short for "mobile transaction authentication numbers", to transfer money out of the accounts.

The interception of the mTANs came only after attackers had compromised bank accounts using traditional bank-fraud Trojans. These Trojans infect account holders' computers and steal the passwords used to log in to bank accounts. From there, attackers could view available balances, but they were prevented from making transfers without the one-time password the bank sent as a text message. 

In the past, attackers have obtained mTANs by obtaining a duplicate SIM card that allows them to take control of the bank customer's phone number. SS7-facilitated compromises, by contrast, can be done remotely on a much larger quantity of phone numbers.

Telecom confirms SS7 abuse

"Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January," a representative with Germany's O2 Telefonica told a Süddeutsche Zeitung reporter. "The attack redirected incoming SMS messages for selected German customers to the attackers." The unidentified foreign network provider has since been blocked, and affected customers were informed of the breach.

The potential for widespread abuse of SS7 first came to light in 2008, but awareness remained largely limited. In 2014, It is thought the SS7 vulnerability can also be exploited by both government intelligence agencies and non-state actors.

Despite the growing awareness, recent reports make clear that real-world attacks remain, or at least until recently remained, feasible in industrialised countries. The attacks underscore the inherent insecurity and lack of privacy in the global telephone network. It could take years to fully secure the system given the size of the global network and the number of telecoms that use it.

When possible, people should use Open Whisper Systems' Signal app to encrypt text messages and phone calls sent or made to other people who use the app.

A report from NIST ( US National Institute for Standards and Technology) underscores the risks of relying on text messages for two-factor authentication and NIST has  proposed doing away with SMS and voice calls for so-called out-of-band verifiers 

Whenever possible, people should also avoid using text messages to receive one-time passwords. 

Ars Technica

You Might Also Read:

Is There A Truly Secure Messaging App?:

Signal: The Snowden-Approved Crypto App Comes to Android:

 

 

 


 

« Macron condemns 'massive' Hacking Attack
Malware: Eyes On North Korea »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CipherPoint Software

CipherPoint Software

CipherPoint Software provides data-centric auditing and protection solutions for securing unstructured information

Matta

Matta

Matta is a cyber security consulting company providing information security services and solutions including vulnerability assessments, penetration testing and emergency response.

Aveshka

Aveshka

Aveshka is a professional services firm focused on addressing complex threats and challenges including Cybersecurity and Information Technology.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

SynerLeap

SynerLeap

SynerLeap is ABB's innovation growth hub. Our aim is to help startups accelerate and expand across industries, ranging from industrial automation and robotics to grid technologies and smart cities.

TAV Technologies

TAV Technologies

TAV Technologies is a provider of technology services to the aviation industry in areas including airport infrastructure systems, digital transformation and cybersecurity.

OSIbeyond

OSIbeyond

OSIbeyond provides comprehensive Managed IT Services to organizations in the Washington D.C., MD, and VA area including IT Help Desk Support, Cloud Solutions, Cybersecurity, and Technology Strategy.

Nitrokey

Nitrokey

Nitrokey is the world-leading company in open source security hardware. Nitrokey develops IT security hardware for data encryption, key management and user authentication.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

Deloitte

Deloitte

Deloitte is a multinational professional services firm providing audit, consulting, financial advisory, risk management, tax, and related services to clients.

Acronis

Acronis

At Acronis, we protect the data, applications, systems and productivity of every organization – safeguarding them against cyberattacks, hardware failures, natural disasters and human errors.

Metmox

Metmox

Metmox mission is to be trusted advisor and partner to protect our customer’s evolving Cloud, Network, Application, IT infrastructure and cybersecurity needs.

LOCH Technologies

LOCH Technologies

LOCH Wireless Machine Vision platform delivers next generation cybersecurity, performance monitoring, and cost management for all 5G and for broad-spectrum IoT, IoMT and OT wireless environments.

WillJam Ventures

WillJam Ventures

WillJam Ventures are a private equity firm focused on investing in world-class cybersecurity companies that will become the next generation of leaders in protecting the world’s digital assets.

CLEAR

CLEAR

With more than 17 million members and a growing network of partners across the world, CLEAR's identity platform is transforming the way people live, work, and travel.

Abissi

Abissi

Abissi offer cyber intelligence, IoT security, automotive security, red teaming, application security and artificial intelligence security services, with a focus on security by design.