Last year, a security vulnerability allowed a team of German hackers to eavesdrop on a US Congressman’s phone conversations. In January of this year, that same vulnerability was exploited again, this time to bypass two-factor authentication and drain bank accounts.
The attackers abused weaknesses in Signaling System Seven (SS7), an international telecommunications protocol, to redirect the text messages banks use to send one-time passwords.
By exploiting those weaknesses, the hackers intercepted the texts, which they then used to transfer money out of the accounts.
The attackers used traditional malware to steal people’s online banking credentials and break into their accounts. This allowed the attackers to view a person’s balance, but they needed a one-time password from the bank to transfer money out of the account. That’s where the SS7 compromise came in.
SS7, among other functions, keeps calls connected as callers’ phones switch from one cell tower to another.