‘Attacks via ss7 protocol to intercept 2fa text messages are on the rise’

The number of ss7 attacks by criminals to intercept text messages and thus gain access to bank accounts, for example, is increasing. That is the claim of security researcher Karsten Nohl of Security Research Labs.

Motherboard reports an attack via the ss7 protocol targeting Britain’s Metro Bank. According to the site, these types of attacks are still relatively rare, but at the same time they are more common than reported. Karsten Nohl confirms that: “Some of our customers in the banking and financial sector are seeing more and more ss7-based requests.” The researcher does not mention numbers.

Nohl has investigated vulnerabilities in the ss7 protocol in the past and reported frequently about the problems these vulnerabilities entail, such as being able to eavesdrop on conversations, tracking mobile phones and intercepting SMS traffic. SS7 stands for signaling system no.7 and this protocol is the itu standard that almost all telecom companies worldwide use for mutual communication. They use it for, among other things, making and breaking calls, SMS traffic and charging roaming charges.

The problem is, among other things, that there is no authentication by default, which makes it impossible to check whether text messages have been routed by unauthorized parties. Criminals abuse this by intercepting the text messages that banks send with two factor verification. If they have obtained the victim’s account name and password through phishing, they can use the verification text messages to log into accounts to divert money.