📱 Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol

arstechnica.com

Brilliant yet very scary way of bypassing two-factor authentication.

In January, thieves exploited SS7 weaknesses to bypass two-factor authentication banks used to prevent unauthorized withdrawals from online accounts (...) the attackers used SS7 to redirect the text messages the banks used to send one-time passwords. Instead of being delivered to the phones of designated account holders, the text messages were diverted to numbers controlled by the attackers.
