By Lily Hay Newman, Wired.com, May 9, 2017
RECENTLY, HACKERS MANAGED to drain bank accounts across Germany. They did so not by hacking the banks themselves, but by exploiting a long-known flaw in a global telephony protocol known as Signaling System 7. It’s the kind of attack that researchers have warned about for years—and may finally be the one the gets the telecom industry to clean up its giant SS7 mess.
Part of the global telecom backbone, SS7 enables carrier interoperability. It’s what lets you receive an SMS text from your friend whether you’re at your house, in a moving car, or halfway around the world roaming on a foreign network. And for years, analysts have warned that third parties can breach SS7, enabling spying and data interception. Or, in this case, the redirection of two-factor authentication codes that a bank intends for its customers.