Criminals Drain European Bank Accounts Using SS7 Security Flaw

A known security flaw in the Signaling System 7 (SS7) protocol, which controls the way mobiles exchange calls and text messages across the globe, has been used by cyber criminals to  crack into the  European bank accounts.

According to German newspaper Süddeutsche Zeitung the vulnerability was exploited in January  and used to bypass the two-factor authentication European banks were using to secure access to customer accounts.

The attackers were able to use SS7 to redirect text messages used by the banks to send one-time-use passwords to their own numbers then use ‘mobile transaction authentication numbers (mTANs) to transfer money out of a targeted account.

SS7 flaw exploit

Banks affected by the hack attack had to be infected by more traditional trojan malware needed to swipe the login credentials and passwords of customer accounts, after which they could login to accounts and view balances. However, to exfiltrate money, the hackers had to exploit the SS7 flaw to gain access to the one-off security code the banks sent as additional verification for money transfers.

“Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January,” a representative with Germany’s O2 Telefonica told Süddeutsche Zeitung . “The attack redirected incoming SMS messages for selected German customers to the attackers.”

The unidentified network has since been blocked, and affected people have been warned of their bank account breach.

However, the SS7 security hole remains and has been in place since it first came to light in 2008. Awareness of the hole in a protocol that allows mobiles to functions with each other across the world, has been low and the risk of the SS7 vulnerability was deemed to be low.

With such bank accounts hack attacks, the flaw in SS7 has been dragged back out into the limelight and highlights that even small security holes can be exploited by savvy cyber criminals to great effects if left as they are.

The bank accounts attacks should act as a means to motivate telecoms companies to address it, though given the global reach of the protocol, that is not likely to be an easy task. So we will have to wait to see if the attacks will spur major providers to work on shutting out the vulnerability.

Such ‘baked in’ flaws in telecoms protocols should serve as a lesson to companies working on Internet of Things (IoT) devices and systems, which lack security standardisation to prevent them from being riddled with security holes ripe for exploitation in the near future.

Are you a security pro? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

1 day ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

1 day ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

1 day ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

2 days ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

2 days ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

2 days ago