O2 has confirmed that some of its customers have had their bank accounts plundered by criminals, using a two-stage attack that exploited flaws in the mobile network, Michael Downs, Director of Telecoms Security at EMEA commented below.
Michael Downs, Director of Telecoms Security, EMEA at Positive Technologies:
“This incident is a sharp wake-up call. It is a sign that it’s getting easier for attackers, motivated by greed and nefarious intent, to access once closed parts of the global mobile infrastructure to not only steal money, but also track location, eavesdrop on private communications and even take down entire areas.”
“While no-one denied vulnerabilities existed, the sector believed the risk was minimal. However, as this incident shows, they clearly open mobile users up to the same kind of mass cybercrime problem that Internet users have suffered from for years.”
“Of equal concern is that Diameter, the new protocol for 4G and 5G networks, is similarly vulnerable despite being designed as a platform for thousands of emerging IoT applications – from cars to connected cities. Networks must accept the threat, educate themselves about the attack vectors being used and move to monitor and neutralise the problem. If they don’t, the brave new future where everything is connected, will suffer.”