Vulnerability in mobile network allows hackers to empty bank accounts

Posted 05 May 2017 18:04 CEST by Jan Willem Aldershoff

Hackers have been able to steal money from bank accounts by intercepting text messages (SMS) used for two-factor authentication. The hacks happened in January this year according to the German newspaper Süddeutsche Zeitung.

Interception of the text messages was possible through a vulnerability in the SS7 protocol. This standard is used by telecom providers around the world to exchange information. Thanks to SS7 it’s possible to make calls and send SMS messages in foreign countries. The vulnerability in the protocol was already known since 2014.

Hackers have found a way to intercept the code that is sent by SMS when users try to login to their bank account. By also utilizing phishing technologies the criminals obtained information about their victims such as their bank account number, mobile number and password. The phishing mails appeared to come from the user’s own bank.

As soon as the criminals were able to access a bank account they could use the obtained information, and the intercepted SMS, to transfer money to their own bank account. Victims usually ended up with an empty bank account.

The attacks mainly took place in the middle of the night, because during the attack the hackers have to trick the mobile phone into connecting to a foreign network. This can be seen on the phone. By doing their attacks in the night the victim was less likely to see that his phone was no longer connected to the regular network and take measures.

It’s unknown how many victims have been made. According to the Süddeutsche Zeitung at least some customers of the German O2-Telefonica were hacked. Because the method works with pretty much any mobile provider it’s likely many more users were affected.



Myce.com settings

Several settings at Myce.com can be changed, they are stored in cookies, which means they will be reset if you clear Myce.com cookies

Background

Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here

Layout

Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page

×