• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 26th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News

How SS7 Flaw Can Be Used to Hack Gmail ID and Bitcoin Wallet

September 21st, 2017 Waqas Security, Hacking News, Technology News 0 comments
How SS7 Flaw Can Be Used to Hack Gmail ID and Bitcoin Wallet
Share on FacebookShare on Twitter

An old vulnerability in the Signalling System No. 7 (SS7) telecom network protocol was used by Positive Technologies researchers to access and steal data from a test account, which they had registered recently at Coinbase, a bitcoin exchange platform. It is thus, identified that through exploiting the SS7 flaw, an attacker could access text messages containing authentication codes and make financial transactions from the Bitcoin platform.

In its press release, Positive Technologies stated that this had already happened in spring of 2017 when cybercriminals managed to access text messages containing online banking authentication codes sent to customers of Telefonica Germany (O2), a German mobile firm and used the codes to make financial transactions.

More: Hacking Facebook Account by Simply Knowing Account Phone Number

Positive Technologies’ research revealed that they just needed to use the SS7 flaw to compromise Coinbase account was the first and last names and the phone number of the account holder and his Gmail address. Through exploiting the SS7 flaw, researchers intercepted SMS text messages sent to Gmail phone numbers and Coinbase users trying to change their passwords using two-factor authentication.

Whoever can access the SS7 system can also intercept texts containing verification codes which can be stolen by attackers to gain full control of the accounts. In case of Coinbase, virtual funds can easily be extracted from the account.

According to Positive Technologies’ head of telecommunications security department Dmitry Kurbatov:

“Unfortunately, it is still impossible to opt out of using SMS for sending one-time passwords. It is the most universal and convenient two-factor authentication technology. All telecom operators should analyze vulnerabilities and systematically improve the subscriber security level.”

The SS7 system is used by telecom operators for ensuring full protection of text messages and telephone calls. It is a set of telephony signaling protocols that are used to set-up and tear down a majority of PSTN/public switched telephone network calls around the world.

Furthermore, it performs many important functions like prepaid billing, local number portability, translation of numbers and SMS (short messaging service) along with other main telecom services.

It was developed in 1975 while in 2008 it was identified to be vulnerable to hacking. In 2014, it was reported that the SS7 vulnerability could be used by governmental agencies and non-state actors alike to track the movements of mobile phone users from any location around the world with 70% accuracy.

Positive Technologies shared a video detailing the way a hacker can compromise a Gmail account through using basic information such as mobile number just because of the SS7 flaw. When hacking was successful, researchers showed how the same SS7 flaw could be used to compromise a Bitcoin wallet.

[fullsquaread][/fullsquaread]

More: A Dark Web service claims to track any phone and read text messages

  • Tags
  • Bitcoin
  • Cryptocurrency
  • Encryption
  • gmail
  • internet
  • Privacy
  • security
  • SS7
  • Technology
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Night Vision Enabled Security Cameras Secretly Transfer Your Data
Next article Locky ransomware campaign launched 20M attacks in a single day
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
TikTok vulnerability allowed hackers to access users' phone numbers

TikTok vulnerability allowed hackers to access users' phone numbers

Watch out as new Android malware spreads through WhatsApp

Watch out as new Android malware spreads through WhatsApp

SonicWall hacked after 0-day flaws exploited by hackers

SonicWall hacked after 0-day flaws exploited by hackers

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
TikTok vulnerability allowed hackers to access users' phone numbers
Security

TikTok vulnerability allowed hackers to access users' phone numbers

46
Why you should never use free a VPN
Drones

Why you should never use free a VPN

34
Watch out as new Android malware spreads through WhatsApp
Security

Watch out as new Android malware spreads through WhatsApp

269

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us