Researchers from Tel-Aviv based ‘Pandora Security’ have discovered a new wave of SS7 attacks that targeted at least twenty subscribers of the ‘Partner Communications Company’ (former ‘Orange Israel’) telecom services provider and these targets are also members of cryptocurrency projects. The actors were well prepared and feared that they have an account password and now targetting SMS codes to defeat two-factor authentication.
SMS\’s susceptibility to attacks is well understood and it should therefore not be considered a secure method for two-factor authentication. This is especially the case when dealing with sophisticated or well-funded attackers that may infiltrate or control carrier networks. Routing calls to third-party carriers is an important feature to enable roaming of mobile devices. However, since no secure verification takes place between the device and its home carrier to verify that it has signed on to a roaming partner\’s network, roaming partners (or an attacker with access to their network) can re-route calls and text messages, broadening the attack surface for text messages far beyond the home carrier. This incident is an example of how this weakness can be abused for targeted attacks by a sophisticated actor.