refers to the Common Channel Interoffice Signalling 7 (CCIS7) or the
Signalling System 7 (SS7). The SS7 is the protocol in the mobile phones
that checks and monitors how the text messages and calls are governed
and exchanged by mobile phones.
days, most of the banks offer a two-factor authentication, where the
customers receive a one time temporary password (OTP). It is to be used
after entering the regular ID and password for undertaking bank
If someone is
capable of accessing the customers’ text message by hacking the
vulnerabilities of SS7, they gain access to the text messages and OTPs.
The hacking is done at the level of the telecom companies, and there
isn’t much that the customers and the banks can do in this regard to
prevent or counter the attack.
And, this is exactly what has happened.
to Suddeutsche Zeitung, the aforementioned German newspaper, hackers
were able to attack SS7 in January 2017, and thus, swindled money from
the accounts of bank customers. The newspaper has reported the modus
operandi of the hackers.
They first, through phishing attacks,
gained access to the primary login credentials of their victims.
Afterwards, they attacked the SS7 to transact money from the accounts.
of the main telecom companies affected by the January attack was
O2-Telefonica. The attack meant that the incoming text messages with the
OTPs were diverted to the hackers, who in turn, used them to pull money
from the accounts of the victims.