An old vulnerability in the Signalling System No. 7 (SS7) telecom network protocol was used by Positive Technologies researchers to access and steal data from a test account, which they had registered recently at Coinbase, a bitcoin exchange platform. It is thus, identified that through exploiting the SS7 flaw, an attacker could access text messages containing authentication codes and make financial transactions from the Bitcoin platform.
In its press release, Positive Technologies stated that this had already happened in spring of 2017 when cybercriminals managed to access text messages containing online banking authentication codes sent to customers of Telefonica Germany (O2), a German mobile firm and used the codes to make financial transactions.
Positive Technologies’ research revealed that they just needed to use the SS7 flaw to compromise Coinbase account was the first and last names and the phone number of the account holder and his Gmail address. Through exploiting the SS7 flaw, researchers intercepted SMS text messages sent to Gmail phone numbers and Coinbase users trying to change their passwords using two-factor authentication.
Whoever can access the SS7 system can also intercept texts containing verification codes which can be stolen by attackers to gain full control of the accounts. In case of Coinbase, virtual funds can easily be extracted from the account.
According to Positive Technologies’ head of telecommunications security department Dmitry Kurbatov:
“Unfortunately, it is still impossible to opt out of using SMS for sending one-time passwords. It is the most universal and convenient two-factor authentication technology. All telecom operators should analyze vulnerabilities and systematically improve the subscriber security level.”
The SS7 system is used by telecom operators for ensuring full protection of text messages and telephone calls. It is a set of telephony signaling protocols that are used to set-up and tear down a majority of PSTN/public switched telephone network calls around the world.
Furthermore, it performs many important functions like prepaid billing, local number portability, translation of numbers and SMS (short messaging service) along with other main telecom services.
It was developed in 1975 while in 2008 it was identified to be vulnerable to hacking. In 2014, it was reported that the SS7 vulnerability could be used by governmental agencies and non-state actors alike to track the movements of mobile phone users from any location around the world with 70% accuracy.
Positive Technologies shared a video detailing the way a hacker can compromise a Gmail account through using basic information such as mobile number just because of the SS7 flaw. When hacking was successful, researchers showed how the same SS7 flaw could be used to compromise a Bitcoin wallet.