Criminals Drain European Bank Accounts Using SS7 Security Flaw

A known security flaw in the Signaling System 7 (SS7) protocol, which controls the way mobiles exchange calls and text messages across the globe, has been used by cyber criminals to  crack into the  European bank accounts.

According to German newspaper Süddeutsche Zeitung the vulnerability was exploited in January  and used to bypass the two-factor authentication European banks were using to secure access to customer accounts.

The attackers were able to use SS7 to redirect text messages used by the banks to send one-time-use passwords to their own numbers then use ‘mobile transaction authentication numbers (mTANs) to transfer money out of a targeted account.

SS7 flaw exploit

Banks affected by the hack attack had to be infected by more traditional trojan malware needed to swipe the login credentials and passwords of customer accounts, after which they could login to accounts and view balances. However, to exfiltrate money, the hackers had to exploit the SS7 flaw to gain access to the one-off security code the banks sent as additional verification for money transfers.

“Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January,” a representative with Germany’s O2 Telefonica told Süddeutsche Zeitung . “The attack redirected incoming SMS messages for selected German customers to the attackers.”

The unidentified network has since been blocked, and affected people have been warned of their bank account breach.

However, the SS7 security hole remains and has been in place since it first came to light in 2008. Awareness of the hole in a protocol that allows mobiles to functions with each other across the world, has been low and the risk of the SS7 vulnerability was deemed to be low.

With such bank accounts hack attacks, the flaw in SS7 has been dragged back out into the limelight and highlights that even small security holes can be exploited by savvy cyber criminals to great effects if left as they are.

The bank accounts attacks should act as a means to motivate telecoms companies to address it, though given the global reach of the protocol, that is not likely to be an easy task. So we will have to wait to see if the attacks will spur major providers to work on shutting out the vulnerability.

Such ‘baked in’ flaws in telecoms protocols should serve as a lesson to companies working on Internet of Things (IoT) devices and systems, which lack security standardisation to prevent them from being riddled with security holes ripe for exploitation in the near future.

Are you a security pro? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

24 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago