Collaborate Disseminate
A group of thieves exploited weaknesses in Signaling System 7 (SS7) to drain users’ bank accounts, including those protected by two-step verification (2SV).
David Bisson reports.
Continue reading Bank robbers exploited SS7 weaknesses to drain 2SV-protected accounts
Cyber criminals have started exploiting a long-known security vulnerabilities in the SS7 protocols to bypass German banks’ two-factor authentication and drain their customers’ bank accounts. What is SS7 and what do these vulnerabilities allow? SS7 (Signaling System #7) is a set of telephony signaling protocols that are used by over 800 of telecoms around the world. It allows their customers to seamlessly connect to different telecom networks when travelling, and use their mobile phone in … More → Continue reading Attackers exploited SS7 flaws to empty Germans’ bank accounts
Design flaws related to SS7 has been known to us for quite a while now but telcos have conveniently discarded the arguments saying that the risk is too low due to the significant investments required for performing the attack… Continue reading Should 2FA over SMS be considered insecure in the wake of recent SS7 attacks?
The same weakness could be used to eavesdrop on calls and track users’ locations. Continue reading Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol
I am aware of the risks of SS7 for mobile users. Attackers can get location information, send spoofed texts, cause DoS and intercept phone calls/texts.
Do those risks still apply for landlines? There is no roaming support, so I would assu… Continue reading Do SS7-based attacks affect landlines?
Last week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message. I found it remarkable that eBay, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is now essentially trying to downgrade my login experience to a less-secure option. Continue reading eBay Asks Users to Downgrade Security
Positive Technologies researchers have demonstrated that knowing a user’s phone number and how to exploit a vulnerability in the SS7 network is enough to hijack that user’s Facebook account. As demonstrated in the above video, attackers can take advantage of the social network’s password recovery functionality to make it send a one-time password via SMS to the user. In the meantime, they can exploit vulnerabilities in the SS7 network to acquire details about the victim’s … More → Continue reading How attackers can hijack your Facebook account
Hacking Facebook account is one of the major queries on the Internet today. It’s hard to find — how to hack Facebook account, but researchers have just proven by taking control of a Facebook account with only the target’s phone number and some hacking skills.
Yes, your Facebook account can be hacked, no matter how strong your password is or how much extra security measures you have taken. No
Continue reading How to Hack Someones Facebook Account Just by Knowing their Phone Numbers
German hacker Karsten Nohl has demonstrated to the crew of CBS News’ 60 Minutes program how easy it can be for well-resourced attackers to eavesdrop on the phone calls and track the current geographic position of any one user. All the attacker needs to know about the target is his or her phone number, and have access to Signalling System No. 7 (SS7). The vulnerability SS7 is a set of telephony signaling protocols that are … More → Continue reading Flaw allows eavesdropping and tracking of mobile phone users
SS7 routing protocol also exposes locations, contacts, and other sensitive data. Continue reading How hackers eavesdropped on a US Congressman using only his phone number