Used by mobile networks to communicate with each other, the SS7 protocol – signalling system 7 – was created in the 1980s by telcos. It allows mobile and some landline networks to interconnect and exchange data, however, in 2014, researchers demonstrated its flaws.
Anyone with internal access to a telco could hack into, via SS7, any other carrier’s backend, anywhere in the world. This would then allow the hacker to track a phone’s location, read or redirect messages, and even listen to calls.
It seems these warnings have turned into reality, as O2-Telefonica in Germany recently confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploited SS7.
The hackers intercepted the two-factor authentication codes sent to online banking customers – these are codes sent to their phones which allow the customer to be able to transfer funds between accounts. This enabled the infiltrators to empty the accounts.
In order to carry out this type of attack, the hackers first spammed out malware to victims’ computers. This gave them access to bank account balances, login details, account passwords and mobile numbers. Next, the attackers purchased access to a rogue telecommunications provider and set up a redirect for the victim’s mobile phone number to a handset they controlled.
Using the information they had collected, the hackers were able to log into the online bank accounts of the victims, re-route the transaction numbers and transfer money out.
Although security experts have been warning about this kind of attack, no action has been taken to address the SS7 flaws and its replacement, due to be used on the 5G networks – the Diamond protocol – is also thought to have security holes, according to the Communications Security, Reliability and Interoperability Council at America’s communications watchdog, the FCC.
Will this first publicly confirmed attack of SS7 serve as enough warning to take the issue seriously and fix the flaws?
Business mobile solutions with MF Communications
- Latest handsets – through leasing
- SIM only deals
- Tablets – through leasing
- Integrated billing with your fixed line service
- Cheaper tariffs
- 12 month or 24 month contract
- SIM cards for mobile broadband (tablets etc)
- Mobile Dongle (for laptop data use)
- Mi-fi device (wifi through SIM card and dongle device)
Disaster Recovery Planning
As the world of business becomes more reliant on computers and information & communications technology (ICT), the importance of having a Disaster Recovery Plan (DRP) in place becomes ever more paramount.
MF Communications is a dedicated team of business telecoms solutions specialists who can advise you on all aspects of security.
Please email us for further information, or to discuss your business mobile solutions needs with one of our UK business managers, call now on 01892 514687.