Researchers from Positive have just demonstrated how vulnerable the SS7 network truly is to hacking.
Benevolent hackers have recently demonstrated just how vulnerable the global telecoms network, Signalling System No. 7 (SS7), truly is. In a video, they infiltrated and took control of a Coinbase bitcoin wallet and pinched funds, all thanks to glaring SS7 flaws.
Although SS7 fixes have been available for years, many weaknesses remain open to attack. These weaknesses allow anyone with access to a particular part of the telecoms backbone to send and receive SMS texts and to intercept various data, including calls and location. The SS7 network is normally used by telecoms companies to communicate with one another, especially when customers are roaming and switching between operators.
The researchers responsible for the benevolent hack used Gmail as their first point of entry. By using Google’s function to find an email using a telephone number, they identified the target email address and then initiated a password reset. The required authorization codes were sent to the victim’s phone via SMS, but by taking advantage of SS7 weaknesses the researchers were able to intercept the texts containing those codes. This allowed them to reset the password themselves and take control of the Gmail account. They then took control of the bitcoin wallet by doing another password reset, using the hijacked Gmail account.
The ease with which hackers can accomplish this poses a threat that reaches far beyond Bitcoin. This process would compromise all accounts a user has linked to their Gmail account, including social media accounts, banking accounts, PayPal accounts, and more. It would also mean that the user would lose their Gmail account entirely.
According to Positive researcher Dmitry Kurbatov, the vulnerability in SS7 networks has far-reaching implications, as it affects everyone using a mobile phone, especially those using their phones to access services using codes.
The only obstacle for a malicious attacker would be obtaining access to the SS7 network itself. The researchers from Positive had access to it to conduct research and identify vulnerabilities in an effort to help network providers work on their network security. Usually a hacker wanting access to the SS7 network would either have to buy into the network, or hack their way through to the network.
So is this an actual threat? The researchers at Positive seem to think so. According to Kurbatov, the danger lies in the fact that hackers might be able to buy access to SS7, albeit illegitimately, on the dark web. Some dark web sites, such as Interconnector, have already been seen selling SS7 access, though this has not yet been confirmed.
To date we know of at least one attack that used SS7 vulnerabilities to its advantage. This attack happened in Germany earlier this year. The hackers responsible used methods similar to those of the Positive researchers to pinch funds from the bank accounts of O2-Telefonica users.
Surveillance companies have been developing and selling software and services that allow the user to spy on targets on the SS7 network. The most notable software came from the Israeli company Ability Inc. Ability Inc.’s Interception app has sold for $5m, but prices have been known to reach up to $20m, according to Ability Inc.’s CEO.
Until telecoms companies have sufficiently addressed these vulnerabilities, users are warned to stop using SMS texts as a means of authentication. Positive researchers have also previously demonstrated how to hack text apps like WhatsApp, as well as social media accounts, using the same method. Until the flaws have been resolved, Positive researchers suggest using one-time codes instead, like those from Google’s Authenticator App.
According to Daniel Romero, vice president of operations at Coinbase, the company has been communicating these concerns to customers and has urged them to use apps like Google Authenticator instead of the traditional SMS text-based two-factor authentication. Romero adds that Coinbase has also upped its monitoring systems in order to monitor and prevent any SMS-based security threats.
Coinbase has also fallen victim to malicious attacks. Hackers have managed to steal a user’s telephone number by using social engineering against telecom firms. This allowed them to steal Bitcoin from a target.
Google’s Authenticator addresses these issues by discarding SMS two-factor authentication. Instead, they use a Google prompt or security key.
Despite Google’s efforts, users will remain vulnerable to malicious attacks unless telecom companies act. Telecom companies have come under pressure from various sources to find a solution. These include Capitol Hill itself, as well as several high-profile senators. Yet despite this, telecom companies are still in search of a solution.