The Hacker News — Cyber Security, Hacking, Technology News

Security researchers have been warning for years about critical security holes in the Signaling System 7 (SS7) that could allow hackers to listen in private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks.

Cellular networks, on the other hand, have consistently been ignoring this serious issue, saying that it is a very low risk for most people, as the exploitation of the SS7 flaws requires significant technical and financial investment.

But some unknown hackers have just proved them wrong by recently exploiting the design flaws in the SS7 to drain victims' bank accounts, according to a report published Wednesday by German-based newspaper Süddeutsche Zeitung.

SS7 is a telephony signaling protocol created in the 1980s by telcos and powered more than 800 telecom operators across the world, including AT&T and Verizon, to interconnect and exchange data, like routing calls and texts with one another, enabling roaming, and other services.

Real-World SS7 Attack Scenarios

The global telecom network SS7 is vulnerable to several design flaws that could allow hackers to listen to phone calls and intercept text messages on a potentially massive scale, despite the most advanced encryption used by cellular network operators.

The designing flaws in SS7 have been in circulation since 2014 when a team of researchers at German Security Research Labs alerted the world to it.

So, the privacy concerns regarding the SS7 protocol is not new.


Last year, Karsten Nohl of German Security Research Labs demonstrated the SS7 attack on US Congressman Ted Lieu's phone number (with his permission) at TV program 60 Minutes and successfully intercepted his iPhone, recorded call, and tracked his precise location in real-time just by using his cell phone number and access to an SS7 network.

In a separate demonstration, the researchers from Positive Technologies last year also gave a demonstration on the WhatsApp, Telegram, and Facebook hacks using the same designing flaws in SS7 to bypass two-factor authentication used by the services.

Thieves Using SS7 Flaw to Steal Money From Bank Accounts

Now, Germany's O2 Telefonica has confirmed that the same SS7 weaknesses have recently been exploited by cybercriminals to bypass two-factor authentication (2FA) banks used to prevent unauthorized withdrawals from users bank accounts.

"Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January," an O2 Telefonica representative told Süddeutsche Zeitung. "The attack redirected incoming SMS messages for selected German customers to the attackers."

In short, cyber criminals exploited SS7 flaws to intercept two-factor authentication codes (one-time passcode, or OTP) sent to online banking customers and drained their bank accounts.

Here's How:

The attackers first spammed out traditional bank-fraud trojans to infect account holders' computers and steal passwords used to log into bank accounts, view accounts balance, along with their mobile number.

But what prevented the attackers from making money transfers is the one-time password the bank sent via a text message to its online banking customers in order to authorize the transfer of funds between accounts.

To overcome this issue, the cyber crooks then purchased the access to a fake telecom provider and set-up a redirect for the victim's phone number to a handset controlled by them. Specifically, they used SS7 to redirect the SMSes containing OTPs sent by the bank.

Next, the attackers logged into victims' online bank accounts and transferred money out, because as soon as the authorization codes were sent by the bank, instead of designated account holders, they were routed to numbers controlled by the attackers, who finalized the transaction.

Can You Avoid this Hack?

This latest SS7 attack once again shed light on the insecurity by design and lack of privacy in the global telephone network protocol, making it clear that real-world SS7 attacks are possible. And since the SS7 network is used worldwide, the issue puts billions of users in danger.

The incident also underscores the risks of relying on SMS-based two-factor authentication.

Although the network operators are unable to patch the hole anytime soon, there is little the smartphone users can do. Avoid using two-factor authentication via SMS texts for receiving OTP codes. Instead, rely on cryptographically-based security keys as a second authentication factor.

Update: If you think this technique is old and can not be used to hack your social media, bank or any online accounts, then you are mistaken. A real-world SS7 attack has been spotted this month when some unknown hackers exploited the design flaws in the Signaling System 7 (SS7) to drain victims' bank accounts.

Hacking Facebook account is one of the major queries on the Internet today. It's hard to find — how to hack Facebook account, but researchers have just proven by taking control of a Facebook account with only the target's phone number and some hacking skills.

Yes, your Facebook account can be hacked, no matter how strong your password is or how much extra security measures you have taken. No joke!

Hackers with skills to exploit the SS7 network can hack your Facebook account. All they need is your phone number.

The weaknesses in the part of global telecom network SS7 not only let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale but also let them hijack social media accounts to which you have provided your phone number.

SS7 or Signalling System Number 7 is a telephony signaling protocol that is being used by more than 800 telecommunication operators worldwide to exchange information with one another, cross-carrier billing, enabling roaming, and other features.

However, an issue with the SS7 network is that it trusts text messages sent over it regardless of their origin. So, malicious hackers could trick SS7 into diverting text messages as well as calls to their own devices.

All they need is the target’s phone number and some details of the target’s device to initiate the silent snooping.

The researchers from Positive Technologies, who recently showed how they could hijack WhatsApp and Telegram accounts, now gave the demonstration of the Facebook hack using similar tricks, Forbes reported.

SS7 has long been known to be vulnerable, despite the most advanced encryption used by cellular networks. The designing flaws in SS7 have been in circulation since 2014 when the team of researchers at German Security Research Labs alerted the world to it.

Here's How to Hack Any Facebook Account:

The attacker first needs to click on the "Forgot account?" link on the Facebook.com homepage. Now, when asked for a phone number or email address linked to the target account, the hacker needs to provide the legitimate phone number.

The attacker then diverts the SMS containing a one-time passcode (OTP) to their own computer or phone, and can login to the target’s Facebook account.

The issue affects all Facebook users who have registered a phone number with Facebook and have authorized Facebook Texts.

Besides Facebook, researchers' work shows that any service, including Gmail and Twitter, that uses SMS to verify its user accounts has left open doors for hackers to target its customers.

Although the network operators are unable to patch the hole sometime soon, there is little the smartphone users can do.

• Do not link your phone number to social media sites, rather rely solely on emails to recover your Facebook or other social media accounts.
• Use two-factor authentication that does not use SMS texts for receiving codes.
• Use communication apps that offer "end-to-end encryption" to encrypt your data before it leaves your smartphone over your phone's standard calling feature.

"Because this technique [SSL exploitation] requires significant technical and financial investment, it is a very low risk for most people," Facebook spokesperson told The Hacker News. 

"As an added precaution, we recommend turning on two-factor authentication, called Login Approvals, in your Facebook security settings. Doing this will disable recovery via SMS on your account so even if someone has your phone number, they'll still need your password to access your account."