Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol [telecom]

*Moderators note: "2fa" means "Two factor authentication".*

Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol

The same weakness could be used to eavesdrop on calls and track users' locations.

by Dan Goodin

A known security hole in the networking protocol used by cellphone providers around the world played a key role in a recent string of attacks that drained bank customer accounts, according to a report published Wednesday.

The unidentified attackers exploited weaknesses in Signalling System No. 7, a telephony signaling language that more than 800 telecommunications companies around the world use to ensure their networks interoperate. SS7, as the protocol is known, makes it possible for a person in one country to send text messages to someone in another country. It also allows phone calls to go uninterrupted when the caller is traveling on a train.

formatting link

Reply to
Monty Solomon
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.