


Phone Hack Drains German Bank Accounts

A vulnerability that last year allowed a team of German hackers to eavesdrop on a US Congressman's phone conversations was, once again, exploited in January, this time to bypass two-factor authentication and drain bank accounts, according to a new report.

The attackers leveraged weaknesses in Signaling System 7 (SS7)—a set of international telecommunications protocols—to "redirect the text messages the banks used to send one-time passwords," according to Ars Technica, which cites German newspaper Süddeutsche Zeitung.

Texts were intercepted by hackers, who "used the mTANs—short for 'mobile transaction authentication numbers'—to transfer money out of the accounts," Ars reports.

Prior to intercepting the mTANs, the attackers used traditional malware to steal people's online banking credentials and break into their accounts. This allowed the attackers to view a person's balance, but they needed a one-time password from the bank to transfer money out of the account. That's where the SS7 compromise came in.

The attack affected an unspecified number of German individuals, who were notified about the breach, Germany's O2 Telefonica told Süddeutsche Zeitung.

SS7, among other functions, keeps calls connected as callers' phones switch from one cell tower to another, if they're using their phone in a car on the highway, for instance.

News of the attack comes after 60 Minutes in April 2022 highlighted SS7 bugs, which security researchers—and international spy agencies—have known about for years. Karsten Nohl, a chief scientist for Berlin-based Security Research Labs, demonstrated the flaws by tapping an iPhone conversation between Rep. Ted Lieu, a California Democrat, and 60 Minutes reporter Sharyn Alfonsi using only a phone number.

Following the incident, Lieu called for a congressional investigation into the SS7 flaws. The FCC's Communications Security, Reliability and Interoperability Council (CSRIC)—which provides advice and recommendations to the FCC about improving the nation's communications systems—later investigated the issue and recommended in a March report that more attention be paid to SS7 vulnerabilities.

But the CSRIC's charter expired soon thereafter. In a March 28 letter to FCC Chairman Ajit Pai, Rep. Lieu and Sen. Ron Wyden, both Democrats, urged the FCC to renew the charter and expand the CSRIC's scope to fully address the issue.

"It is clear that industry self-regulation isn't working when it comes to telecommunications cybersecurity," Lieu and Wyden wrote. They pushed Pai to force wireless carriers "to address these serious cybersecurity vulnerabilities, [warn] the American public that their movements, communications, and devices may be vulnerable to foreign governments and hackers, and [promote] the use of end-to-end-encryption apps, which...can be used to mitigate some of the SS7 risks."

The FCC renewed the CSRIC charter on April 10, and called for membership nominations.

This week, Rep. Lieu tweeted that he has "been screaming for FCC & telecom industry to fix #SS7 security flaw. Perhaps bank losses will get them to act."

About Angela Moscaritolo

Source: https://sea.pcmag.com/software/15476/phone-hack-drains-german-bank-accounts

Posted by: copasdrigatured1961.blogspot.com
