National Security and Foreign Affairs
Hackers have exploited long-known vulnerabilities in the SS7 networking protocol to drain customer bank accounts, despite years of warnings about the security holes.
Signaling System No.7 (SS7), as the protocol is known, is used by more than 800 telcos around the world, allowing customers in one country to send text messages to users in different countries.
The protocol also helps with interoperability between networks, and allows for phone calls to go uninterrupted while in low signal areas.
There's a major vulnerability in the way phone networks talk to each other - and hackers have used it to drain victims' bank accounts.
What's more: The issue has been known about for years, and public demonstrations have highlighted the issue, but nothing had been done about it.
It was designed as a security measure to increase protection of internet users across the globe.
But hackers have used a well-known security vulnerability in worldwide mobile telecoms networks to steal access codes to online bank accounts.
The exploit could be used against any bank that uses two-step login verification, as well as high-profile websites like Facebook, Google and many others.
A U.S. congressman is again calling for the FCC and telecom industry to fix a security flaw in the Signalling System No. 7 (SS7) that is allowing hackers to bypass two-factor authentication and wipe out bank accounts.
The issue was again brought to light when European carrier O2-Telefonica reported that some of its customers had been hit with attacks taking advantage of the SS7 vulnerability resulting in money being removed from their bank accounts.
Hackers have exploited the Signaling System #7 international telecommunications signaling protocol as part of a two-stage attack designed to drain money from people's online bank accounts.
The attacks successfully targeted online bank account holders in Germany by using call-forwarding features built into the SS7 protocol, German daily newspaper Süddeutsche Zeitung reports.
Tax Refunds Have Hackers Working Hard For Your Money
Hackers have taken advantage of a known security vulnerability in mobile networks that allowed them to intercept two-factor authentication messages to hijack user login information and drain bank accounts.
We've known for years that a key protocol that allows global cellular networks to communicate with each other had vulnerabilities -- and nobody really took it that seriously.
FOR IMMEDIATE RELEASE
Washington - House Foreign Affairs Committee Chairman Ed Royce (R-CA) and Rep. Ted Lieu (D-CA) introduced today the Chinese American World War II Congressional Gold Medal Act (H.R. 2358). The bipartisan legislation recognizes the dedicated service of Chinese American veterans of World War II and collectively awards them the Congressional Gold Medal.
FOR IMMEDIATE RELEASE
Washington – Today, Congressman Ted W. Lieu (D | Los Angeles County) issued the following statement regarding the news that hackers have used the SS7 vulnerability in the global mobile network to drain bank customer accounts.