A recent report revealed that a bank in Germany, had its bank accounts hacked with the hacker having taken out funds from the victims’ accounts. It was revealed that the hackers had exploited a vulnerability that has long persisted in the global mobile signaling system.
What was stolen?
According to a German Newspaper Süddeutsche Zeitung, O2 – Telefonica said that the hackers stole funds from some of its clients’ bank accounts. Essentially, the bank told the newspaper that a foreign network was responsible for committing the act, although it is not known as to which foreign network it was exactly. The bank said that the hackers managed to redirect incoming SMS messages to themselves that were meant to be received by certain mobile numbers.
According to the official statement:
- “A criminal attack was carried out from the network of a foreign provider in mid-January. It redirected incoming SMS messages for certain numbers in Germany to the attackers.”
The SS7 Protocol
Created in the early 1970s, the SS7 Protocol, otherwise known as the Signaling System No. 7, is the primary medium through which networks all across the world can interoperate. It must be noted that last year hackers also exploited the SS7 flaw to hack Facebook account by simply knowing account/victim’s phone number.
Now, it has been alleged that the hackers exploited this property to their own advantage. Apparently, once the hackers get access to a network’s operating system either through hacking or an inside person, they can then use the SS7 protocol to reach the network’s back-end system.
Therefore, it is highly likely that the hackers got hold of the victim’s bank details through getting into Telefonica’s back-end system and then took funds out of the accounts.
What else can be done with the flawed signaling system?
Well, it has been theorized that the flaw can be exploited to eavesdrop on mobile conversations or locate a person as to where he or she is exactly. You might be wondering why this flaw has not been brought to the attention of the relevant authorities and why nothing has been done about it? To your relief, the issue was made public when researchers showed how the vulnerability could be used at the Chaos Communication Congress in 2014.
Nevertheless, it is sad to say that no network company has taken the issue seriously. Perhaps this is because the telecommunications industry is not ready to believe that hackers can use the protocol to gain access to their back-end systems.
This is quite ironic because, according to an expert, people can buy the access for as little as 1,000 euros. Let us hope that the latest protocol, the Diameter, which is meant for the newer 4G and 5G networks is safe because it is primarily built for IoT applications.
DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.