September 23, 2017

Here’s How Hackers Can Hijack Your Gmail ID and Bitcoin Wallet Using SS7 Flaw

Security researchers from Positive Technologies have shown just how urgently a gaping flaw in the global telecoms network needs to be fixed. In a video demonstration, they showed how cybercriminals could exploit the SS7 flaw to access text messages containing authentication codes and steal all the funds from your Bitcoin wallet.


Positive Technologies’ research revealed that they needed only the first and last names and the phone number of the bitcoin account holder to compromise the account. While demonstrating the attack, the Positive researchers first went to Gmail to find an email account with just a phone number. After obtaining the Gmail address and phone number of the target, they initiated a password reset request for the account, which involved sending a one-time authorization code to the target’s phone number.

The Positive researchers were then able to intercept the SMS messages containing the 2FA code by exploiting known design flaws in SS7, and so gained access to the Gmail account. From there, the researchers went straight to the Coinbase account that was registered with the compromised Gmail account and initiated another password reset, this time for the victim’s Coinbase wallet. They then logged into the wallet and emptied it of crypto-cash.

Positive Technologies has also shared a proof-of-concept video, demonstrating how easy it is to hack into a bitcoin wallet just by intercepting text messages in transit.


This flaw puts not just cryptocurrency wallets but also your banking and social media accounts at risk. “This hack would work for any resource – real currency or virtual currency – that uses SMS for password recovery,” said Positive researcher Dmitry Kurbatov.

This issue looks like a vulnerability in Coinbase, but it’s not. The real weakness resides in the cellular system itself.

“This is a vulnerability in mobile networks, which ultimately means it is an issue for everyone, especially services relying on the mobile network to send security codes,” Dmitry Kurbatov says.

Created in the 1980s, Signaling System 7 (SS7) is a telephony signaling protocol used by over 800 telecom operators across the world to interconnect and exchange data, such as routing calls and texts with one another, and to enable roaming and other services.

Researchers have been warning for years about critical issues with SS7 that could allow hackers to listen in on private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks. In 2014, it was reported that the SS7 vulnerability could be used by governmental agencies and non-state actors alike to track the movements of mobile phone users from any location around the world with 70% accuracy.

Earlier this year, cybercriminals used this design flaw in SS7 to attack victims’ bank accounts and make financial transactions by intercepting the two-factor authentication codes (OTPs) sent by banks to their customers and redirecting them to themselves.

So, unless the telecom industry takes steps to make SS7 more secure, users need to take steps on their own. Avoid using two-factor authentication via SMS texts for receiving OTP codes. Instead, rely on cryptographically-based security keys as a second authentication factor. You can use tools like Google Authenticator, Google prompt, or a security key for extra security.
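The weakness in the demonstration is a recovery chain: a texted code resets the mail account, and the mail account resets the wallet. The following added example (not from the original article or from Positive Technologies) audits an account inventory for such chains; the account names, method labels and phone number are constructed, and it assumes any single listed recovery method is enough to regain access.

```python
from collections import deque

# Constructed inventory. Recovery method labels (assumed convention):
#   "sms:<number>"    code texted over the phone network
#   "email:<account>" reset link mailed to another account in this inventory
#   "totp" / "security_key"  factors that never cross the phone network
ACCOUNTS = {
    "mail-primary":  ["sms:+15555550100"],
    "wallet":        ["email:mail-primary"],
    "cloud-backup":  ["totp", "email:mail-primary"],  # strong factor, weak fallback
    "mail-hardened": ["security_key"],
    "bank":          ["totp", "email:mail-hardened"],
}

def sms_exposure(accounts):
    """Return {account: chain} for every account whose recovery ultimately
    depends on a texted code, directly or through a mailbox that does."""
    chains, queue = {}, deque()
    # Step 1: accounts that accept an SMS code directly.
    for name, methods in accounts.items():
        sms = next((m for m in methods if m.startswith("sms:")), None)
        if sms:
            chains[name] = [sms, name]
            queue.append(name)
    # Step 2: breadth-first walk over "reset link goes to an exposed mailbox".
    while queue:
        current = queue.popleft()
        for name, methods in accounts.items():
            if name not in chains and f"email:{current}" in methods:
                chains[name] = chains[current] + [name]
                queue.append(name)
    return chains

def report(accounts):
    """Human-readable lines, one per exposed account, shortest chain first."""
    found = sms_exposure(accounts)
    return [" -> ".join(chain) for chain in sorted(found.values(), key=len)]

if __name__ == "__main__":
    for line in report(ACCOUNTS):
        print("EXPOSED:", line)
    # Replacing the texted code on the root mailbox clears every chain below it.
    fixed = dict(ACCOUNTS, **{"mail-primary": ["totp"]})
    print("after fix:", report(fixed) or "no SMS-dependent accounts")
```

Accounts protected by an authenticator app still show up as exposed when their fallback reset goes to an SMS-recoverable mailbox, so the fix belongs at the root of the chain.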
