As indicated by yet another research cyber hackers have now
shifted their attention towards taping the phone network by means of the misuse
of the SS7 protocol in order to steal money from the bank accounts directly by
intercepting the messages.
Since the protocol is utilized by Internet service providers
and telecom company to control the telephone calls and instant text messages
across the world, the SS7 attacks performed by the said cyber criminals uses a
current ‘structure blemish’ i.e. a flaw in it and exploits it accordingly so as
to perform different perilous attacks, that are very much similar to the acts
of data theft, eavesdropping, text interception and location tracking.
UK’s Metro Bank has already fallen victim to this attack. In
view of the affirmation given by the National Cyber Security Center (NCSC), the
‘defensive’ arm of the UK’s signals intelligence agency GCHQ, SS7 attacks are
consistently utilized by cybercriminals to intercept the messages in order to
steal the code that is additionally utilized for bank transactions.
NCSC said that “We are aware of a known telecommunications
vulnerability being exploited to target bank accounts by intercepting SMS text
messages used as 2-Factor Authentication (2FA).”
Due to this two factor authentication, by having a SS7
network access the cybercriminals can intercept the messages even after they
gain access to the internet banking login credentials by the means of phishing
attacks and then initiate the verification code through text message. Later
they can without much of a stretch block it through SS7 attack and use it to
finish their transaction procedure.
 “Something that
members of the general public don’t necessarily have to worry about. An SS7
attack is unlikely to be effective if the bank uses a form of 2FA that doesn’t
rely on text messages, such as an authenticator app.”
When approached some of the notable Telecom Service
Providers to get to know their thoughts regarding this matter of concern,
Vodafone says “We have specific security measures in place to protect our
customers against SS7 vulnerabilities that have been deployed over the last few
years, and we have no evidence to suggest that Vodafone customers have been
affected.”
Likewise they express that, they are working with GSMA,
banks and security specialists so as to alleviate and further protect their
clients.

Share this with Your friends:





Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.