Criminals Drain European Bank Accounts Using SS7 Security Flaw

A known security flaw in the Signaling System 7 (SS7) protocol, which controls the way mobiles exchange calls and text messages across the globe, has been used by cyber criminals to  crack into the  European bank accounts.

According to German newspaper Süddeutsche Zeitung the vulnerability was exploited in January  and used to bypass the two-factor authentication European banks were using to secure access to customer accounts.

The attackers were able to use SS7 to redirect text messages used by the banks to send one-time-use passwords to their own numbers then use ‘mobile transaction authentication numbers (mTANs) to transfer money out of a targeted account.

SS7 flaw exploit

Banks affected by the hack attack had to be infected by more traditional trojan malware needed to swipe the login credentials and passwords of customer accounts, after which they could login to accounts and view balances. However, to exfiltrate money, the hackers had to exploit the SS7 flaw to gain access to the one-off security code the banks sent as additional verification for money transfers.

“Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January,” a representative with Germany’s O2 Telefonica told Süddeutsche Zeitung . “The attack redirected incoming SMS messages for selected German customers to the attackers.”

The unidentified network has since been blocked, and affected people have been warned of their bank account breach.

However, the SS7 security hole remains and has been in place since it first came to light in 2008. Awareness of the hole in a protocol that allows mobiles to functions with each other across the world, has been low and the risk of the SS7 vulnerability was deemed to be low.

With such bank accounts hack attacks, the flaw in SS7 has been dragged back out into the limelight and highlights that even small security holes can be exploited by savvy cyber criminals to great effects if left as they are.

The bank accounts attacks should act as a means to motivate telecoms companies to address it, though given the global reach of the protocol, that is not likely to be an easy task. So we will have to wait to see if the attacks will spur major providers to work on shutting out the vulnerability.

Such ‘baked in’ flaws in telecoms protocols should serve as a lesson to companies working on Internet of Things (IoT) devices and systems, which lack security standardisation to prevent them from being riddled with security holes ripe for exploitation in the near future.

Are you a security pro? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

2 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago