Hackers Took Over Telegram Accounts In Israel Through SS7 Attacks To Defeat 2FA

Researchers from Tel Aviv-based ‘Pandora Security’ have discovered a new wave of SS7 attacks that targeted at least twenty subscribers of the telecom services provider ‘Partner Communications Company’ (formerly ‘Orange Israel’). The targets are also members of cryptocurrency projects. The actors were well prepared, and it is feared that they already have the account passwords and are now targeting SMS codes to defeat two-factor authentication.

Christoph Hebeisen, Director, Security Intelligence Research
InfoSec Expert
October 21, 2020 9:31 am

SMS's susceptibility to attacks is well understood and it should therefore not be considered a secure method for two-factor authentication. This is especially the case when dealing with sophisticated or well-funded attackers that may infiltrate or control carrier networks. Routing calls to third-party carriers is an important feature to enable roaming of mobile devices. However, since no secure verification takes place between the device and its home carrier to verify that it has signed on to a roaming partner's network, roaming partners (or an attacker with access to their network) can re-route calls and text messages, broadening the attack surface for text messages far beyond the home carrier. This incident is an example of how this weakness can be abused for targeted attacks by a sophisticated actor.
