SS7 protocol vulnerabilities,ss7 protocol exploit

Developed in the 1970s telephone network (PSTN) communication protocol SS7, 90 years after the rise was 800 mobile operators to use, and now more and more fraudulent use of fraud, security researchers have warned SS7 (Signaling System No .7) has a large security hole in the internal network, people from all over the world can track a user’s phone records, while also access to telephone and SMS permissions. Recently, the German mobile telecommunications operator O2 Telecom to the “South German Journal” confirmed that some of its users because of SS7 agreement loopholes were hijacked by the 2FA SMS authentication, resulting in user bank card account theft.

In this case, the attacker cracked and hijacked the 2FA system SMS verification code, the German bank’s online banking users in the transaction before the need to send SMS verification code by mobile operators to confirm. This provides hackers with the SS7 vulnerability to provide space, hackers first to the victim computer to send spam into the malware, collecting bank account balance, login information, account password and mobile phone number and other information. And then they purchased a rogue telecom transceiver system platform that could exploit the SS7 protocol vulnerability to intercept the victim’s number and redirect the data information to the attacker’s handheld device. Usually, at midnight, the offender uses the collected victim information to initiate the transaction and confirm the transaction with the intercepted SMS verification code to complete the theft.

The first large-scale use of SS7 loopholes to steal bank account event outbreak, or will promote more European and American communications operators as soon as possible to deploy repair SS7 protocol vulnerabilities.

The post SS7 protocol vulnerabilities public outbreak: lead to Germany O2 user account theft appeared first on Penetration Testing in Linux. http://ift.tt/2pG09gd http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s