Be careful with your Bitcoin wallet!!!

How hackers attack your online Bitcoin wallet

Over the years, researchers have warned about serious problems with Signaling System 7 (SS7), the set of phone protocols whose flaws can allow hackers to listen to personal phone calls and read text messages on a large scale, despite the most advanced encryption used by mobile networks.

Created in the 1980s, SS7 is a collection of telephone protocols used by more than 800 telecom operators around the world, including AT&T and Verizon, to connect and exchange data, such as routing calls and texts to one another, enabling roaming and many other services.

Although many fixes have been released, global mobile networks have always ignored the issue, arguing that exploiting SS7's weaknesses requires large technical and financial investments, so the risk to the user is extremely low.

However, earlier this year, we witnessed a real attack in which the hacker used a design flaw in SS7 to clear the victim's bank account by intercepting the two-factor authentication code (one-time password, or OTP) sent to the client and redirecting it to the hacker.

White hat hackers from Positive Technologies have demonstrated that cyber criminals can exploit the SS7 vulnerability to take control of online Bitcoin wallets and steal victims' money.

This is how hackers attack Bitcoin and steal money

To prove the attack, the Positive researchers got the Gmail address and phone number of the target, then requested a password reset for the account, which included sending a one-time token to the target's phone number.

Just like in earlier SS7 hack attempts, the researchers intercepted the 2FA SMS messages by exploiting the known design flaws in SS7 and gained access to the Gmail mailbox.

From there, the researchers went directly to the Coinbase account registered with the compromised Gmail account and initiated another password reset, this time for the victim's Coinbase wallet. After that, they logged into the wallet and took out all the money in it.

The above is just one example of an attack using the SS7 vulnerability; such attacks are not limited to cryptocurrency wallets. Any service that relies on this kind of two-factor authentication, such as Facebook or Gmail, is easily attacked.

We need to avoid two-factor authentication that delivers the OTP code through SMS. Instead, rely on cryptography-based security keys as a second factor of authentication.
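
The chain described above (an SMS token resets Gmail, and Gmail then resets Coinbase) can be checked against your own accounts. The Python sketch below is an added example, not part of the original article; the account inventory, the factor names and the exposed_accounts function are constructed for illustration.

```python
# Added example: account inventory and factor names are constructed, not real data.
# Each account lists its recovery paths; a path is the set of factors that
# together are enough to reset the account's password.
SMS_ONLY = {
    "gmail":    [{"sms"}],              # reset token sent by SMS
    "coinbase": [{"gmail"}],            # reset link sent to the Gmail mailbox
    "facebook": [{"sms"}, {"gmail"}],   # either channel is enough
    "bank":     [{"gmail", "security_key"}],
}

# Same inventory after moving Gmail recovery to a security key.
WITH_KEY = dict(SMS_ONLY, gmail=[{"security_key"}])


def exposed_accounts(accounts, compromised):
    """Return {account: factors used} for every account that can be reset
    once the channels in `compromised` are under someone else's control."""
    controlled = set(compromised)
    exposed = {}
    changed = True
    while changed:                      # repeat until no new account falls
        changed = False
        for name, paths in accounts.items():
            if name in controlled:
                continue
            for path in paths:
                if path <= controlled:  # every factor on this path is controlled
                    exposed[name] = sorted(path)
                    controlled.add(name)
                    changed = True
                    break
    return exposed


if __name__ == "__main__":
    for label, inventory in (("SMS recovery", SMS_ONLY), ("security key", WITH_KEY)):
        print(label, "->", exposed_accounts(inventory, {"sms"}))
```

With SMS recovery on the mailbox, losing the SMS channel exposes every account that trusts that mailbox; with the security key in place, only accounts that still accept SMS directly remain exposed.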
