Cyber criminals intercept codes used for banking – to empty your accounts

[harlan4096]

Two factor authentication (2FA) is a method widely used by the financial institutions worldwide to keep their customers’ money safe: you know, those short 4-6-digit codes you receive from your bank that you have to input to approve a transaction. Usually, banks send those one-time passwords in SMS text messages. Unfortunately, SMS is one of the weakest ways to implement 2FA, as text messages can be intercepted. And that is what has just happened in the UK.

How can the criminals get your text messages? Well, there are different ways, and one of the most extravagant is exploiting a security flaw in SS7, a protocol used by telecommunications companies to coordinate how they route texts and calls (you can read more about it in this post). SS7 network does not care who sent the request. So, if malefactors manage to access it, the network will follow their commands to route text messages or calls, as if those commands were legitimate.

The whole scheme looks as follows: the cyber criminals first obtain a target’s online banking username and password — possibly via phishing or keyloggers or Banking Trojans. Then, they log in to the online bank and request a money transfer. Nowadays, most banks would ask for additional confirmation of the transfer and send a code for verification to the account owner. If the bank does it in form of a text message, this is where malefactors exploit the SS7 vulnerability: they intercept the text and enter the code, as if they had your phone. Banks accept that transfer as totally legitimate, because the transaction had been authorized twice: once with your password, and then with the one-time code. So, the money goes to the criminals.

Full reading: https://www.kaspersky.com/blog/ss7-hacked/25529/