Known Flaws in Mobile Data Backbone Allow Hackers To Trick 2FA

A known security hole in the networking protocol used by cellphone providers around the world played a key role in a recent string of attacks that drained bank customer accounts, according to a report published Wednesday. From the article: For years, researchers, hackers, and even some politicians have warned about stark vulnerabilities in a mobile data network called SS7. These flaws allow attackers to listen to calls, intercept text messages, and pinpoint a device’s location armed with just the target’s phone number. Taking advantage of these issues has typically been reserved for governments or surveillance contractors. But on Wednesday, German newspaper The Suddeutsche Zeitung reported that financially-motivated hackers had used those flaws to help drain bank accounts. This is much bigger than a series of bank accounts though: it cements the fact that the SS7 network poses a threat to all of us, the general public. And it shows that companies and services across the world urgently need to move away from SMS-based authentication to protect customer accounts.

Read more of this story at Slashdot.


Leave a Reply