After years of warnings, mobile network hackers have exploited SS7 flaws to drain bank accounts. SS7 is a set of telephony signaling protocols developed in the 1980s to handle the public switched telephone network (PSTN), SMS, etc.
The hackers first spammed out malware to victims' computers, which collected the bank account balance, login details and passwords for their accounts, along with their mobile number. Then they purchased access to a rogue telecommunications provider and set up a redirect for the victim's mobile phone number to a handset controlled by the attackers.
Next, usually in the middle of the night when the mark was asleep, the attackers logged into their online bank accounts and transferred money out. When the transaction numbers were sent they were routed to the criminals, who then finalized the transaction.
So any security that depends on PSTN-SS7 security is proven to be inadequate.
(Score: 2) by sjames on Friday May 05 2017, @08:05PM (2 children)
SS7 was developed when we had THE phone company. Its assumptions for security are based on that. Its primary "security" was moving from in-band MF signaling to out-of-band so you couldn't access it from a POTS line.
It really wasn't meant to have less trusted entities in the network.
(Score: 2) by edIII on Friday May 05 2017, @08:17PM (1 child)
LOL. Yeah that moving to out-of-band signalling was because certain people could whistle the tones themselves :)
That was a magical time when a subset of hackers called phreakers ruled the telecommunications networks. Black boxes, Blue boxes, Beige boxes, phreakers were fairly adept and could hack a telecom with parts and supplies from Radio Shack.
Phreaking has evolved quite a bit, but messing around with the SS7 protocol and the PSTN counts. Nice to know those guys aren't completely irrelevant. I've got this idea in my head that it was a bunch of old guys that pulled this off because they were pissed the H1Bs came and took their jobs for less :D
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1) by anubi on Saturday May 06 2017, @06:50AM
Phone Phreaking... what a memory...
Anyone remember that little flyer in the early 70's (predating Phrack or 2600) that circulated amongst those of us with an interest in the phone system?
I remember several of us people in engineering passing it amongst us, but for the life of me I cannot remember its name. It used to have some poetry on its cover sheet.
Something like...
Dial a mile
Smile a while
Here's more data
For your file
Along with some crude artwork. The good stuff was inside.
It was four to five typed and xeroxed pages folded together and mailed. A really small operation. This was in the very early 70's, and for the life of me I can't recall what it was called, but it had all sorts of info on how the phone system of the day worked.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]