A known security flaw in the Signaling System 7 (SS7) protocol, which controls the way mobiles exchange calls and text messages across the globe, has been used by cyber criminals to crack into the European bank accounts. According to German newspaper Süddeutsche Zeitung the vulnerability was exploited in January and used to bypass the two-factor authentication European banks were using to secure access to customer accounts. The attackers were able to use SS7 to redirect text messages used by the banks to send one-time-use passwords to their own numbers then use ‘mobile transaction authentication numbers (mTANs) to transfer money out of a targeted account.
ORIGINAL SOURCE: Silicon UK
The post Criminals Drain European Bank Accounts Using SS7 Security Flaw appeared first on IT SECURITY GURU.
from Criminals Drain European Bank Accounts Using SS7 Security Flaw