Signaling System No 7, or SS7 for short, is a set of telephony signaling protocols created by telecom companies in the 1980s to allow cellular and landline networks to interconnect and exchange data. Researchers have been voicing concerns over longstanding security flaws in this protocol for many years. But as with many vulnerabilities of this kind, it took a hack with financial consequences to prompt any progress.
A recent hack on O2 Telefonica in Germany resulted in a number of its customers having their bank accounts drained. The attackers used SS7 to defeat the two-factor authentication system used by German banks, under which online banking customers need to have a code sent to their phone before funds can be transferred between accounts.
In the first step, the crooks spammed malware to victims’ computers in order to collect their bank account balance, login details and passwords, plus their mobile numbers. The second step involved purchasing access to a rogue telecoms provider and setting up a redirect from the victim’s mobile phone number to a handset under the attackers’ control, so that the bank’s codes arrived there instead of on the victim’s phone. Finally, they logged into victims’ online bank accounts, often overnight, and transferred money out.
While it’s a resource-intensive hack, it is clearly worth the criminals’ time and money, as the payout is substantial. Until now the telecoms companies have been reluctant to acknowledge and accept this vulnerability, but perhaps this attack will spur them into long-overdue action.