A known security flaw in the Signaling System 7 (SS7) protocol, which controls the way mobiles exchange calls and text messages across the globe, has been used by cyber criminals to crack into the European bank accounts. According to German newspaper Süddeutsche Zeitung the vulnerability was exploited in January and used to bypass the two-factor authentication European banks were using to secure access to customer accounts. The attackers were able to use SS7 to redirect text messages used by the banks to send one-time-use passwords to their own numbers then use ‘mobile transaction authentication numbers (mTANs) to transfer money out of a targeted account.
View full story
ORIGINAL SOURCE: Silicon UK