
Tuesday, May 16, 2017

How Hackers Steal Money from Bank Accounts reports:
The SS7 refers to the Common Channel Interoffice Signalling 7 (CCIS7) or the Signalling System 7 (SS7). The SS7 is the protocol in the mobile phones that checks and monitors how the text messages and calls are governed and exchanged by mobile phones.

These days, most banks offer two-factor authentication, where the customers receive a one-time temporary password (OTP). It is to be used after entering the regular ID and password for undertaking bank transactions.

If someone is capable of accessing the customers’ text messages by hacking the vulnerabilities of SS7, they gain access to the text messages and OTPs. The hacking is done at the level of the telecom companies, and there isn’t much that the customers and the banks can do in this regard to prevent or counter the attack.

And, this is exactly what has happened.

According to Süddeutsche Zeitung, the aforementioned German newspaper, hackers were able to attack SS7 in January 2017 and thus swindled money from the accounts of bank customers. The newspaper has reported the modus operandi of the hackers.

They first, through phishing attacks, gained access to the primary login credentials of their victims. Afterwards, they attacked the SS7 to transact money from the accounts.

One of the main telecom companies affected by the January attack was O2-Telefonica. The attack meant that the incoming text messages with the OTPs were diverted to the hackers, who, in turn, used them to pull money from the accounts of the victims.
