Casa > cibernético Notícias > Metro Bank Victim of Sophisticated 2FA Attack That Exploits SS7

Metro Bank vítima de sofisticado ataque 2FA que explora o SS7

image ataques de malware
Metro Bank has been in a cyberattack that targeted the codes sent via text messages to customers to verify transactions. Em outras palavras, the bank is a victim of a sophisticated 2FA bypass attack. The bypass was possible after the hackers infiltrated the text messaging protocol of a telecommunications company. The attack was discovered by Motherboard.

Highly Sophisticated 2FA SS7 Attack on Metro Bank

The hack involved remote tracking of phones and intercepting text messages, and it’s very likely that other banks were targeted as well. To carry out the attack, hackers were able to exploit security flaws in the SS7 protocol which coordinates the way telecommunication companies route calls and SMS messages globally.

At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. We have supported telecommunication companies and law enforcement authorities with an industry-wide investigation and understand that steps have been taken to resolve the issue.

None of the small number of affected customers has been through a financial loss due to the hack.

In relation to the exploited vulnerability, a National Cyber Security Centre spokesperson has said that they are “aware of a known telecommunications vulnerability being exploited to target bank accounts by intercepting SMS text messages used as 2-Factor Authentication (2FA)”.

Due to its sophistication, security researchers believe that the attack wasn’t performed by conventional cybercriminals. além disso, according to the UK’s national cyber arm the National Cyber Security Centre (NCSC), now the same SS7 flaw is being exploited on a rising scale.

The irony here is that the SS7 vulnerabilities are well-known and documented. The security flaw could be exploited massively in fraud campaigns and surveillance attacks on mobile devices. Such an attack was reported in May 2017, quando [wplinkpreview url =””]SS7 was exploited by hackers in attacks designed to steal money from victims’ online bank accounts.

SS7 is a set of telephony signaling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network telephone calls. It also performs number translation, local number portability, prepaid billing, SMS, and other mass market services.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:

2 Comentários
  1. AvatarChris Baumgartner

    Check your article title. It should read SS7 not S77.

    1. Milena DimitrovaMilena Dimitrova (pós autor)

      Fixo! Thank you for noticing!


Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar