Metro Bank has been in a cyberattack that targeted the codes sent via text messages to customers to verify transactions. In other words, the bank is a victim of a sophisticated 2FA bypass attack. The bypass was possible after the hackers infiltrated the text messaging protocol of a telecommunications company. The attack was discovered by Motherboard.
Highly Sophisticated 2FA SS7 Attack on Metro Bank
The hack involved remote tracking of phones and intercepting text messages, and it’s very likely that other banks were targeted as well. To carry out the attack, hackers were able to exploit security flaws in the SS7 protocol which coordinates the way telecommunication companies route calls and SMS messages globally.
At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. We have supported telecommunication companies and law enforcement authorities with an industry-wide investigation and understand that steps have been taken to resolve the issue.
None of the small number of affected customers has been through a financial loss due to the hack.
In relation to the exploited vulnerability, a National Cyber Security Centre spokesperson has said that they are “aware of a known telecommunications vulnerability being exploited to target bank accounts by intercepting SMS text messages used as 2-Factor Authentication (2FA)”.
Due to its sophistication, security researchers believe that the attack wasn’t performed by conventional cybercriminals. Furthermore, according to the UK’s national cyber arm the National Cyber Security Centre (NCSC), now the same SS7 flaw is being exploited on a rising scale.
The irony here is that the SS7 vulnerabilities are well-known and documented. The security flaw could be exploited massively in fraud campaigns and surveillance attacks on mobile devices. Such an attack was reported in May 2017, when [wplinkpreview url=”https://sensorstechforum.com/hackers-exploit-ss7-mtans-drain-bank-accounts/”]SS7 was exploited by hackers in attacks designed to steal money from victims’ online bank accounts.
SS7 is a set of telephony signaling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network telephone calls. It also performs number translation, local number portability, prepaid billing, SMS, and other mass market services.