Whenever you buy a product on internet, the bank with which we made the purchase sends a security code of up to 6 digits on our smartphone to approve and confirm the transaction. This type of operation is called two-factor authentication (2FA) and is considered safe. The truth, however, is that it’s very vulnerable, because text messages received on the smartphone can be intercepted by hackers. This is success in the UK, but isn’t the only nation to be hit by this kind of cyber attacks.
Hackers manage to approve the sms of tax validation thanks to a security flaw in the SS7 (also known as Signaling System 7 or Common Channel Signaling System 7), a protocol that companies control to redirect messages and calls. The SS7 network doesn’t care to see who sent the request to respond to the transaction, if the hackers are able to access the validation process, the network will follow the commands received to redirect messages and calls, as if they were operations all legitimate.
The two-factor authentication, that was erroneously considered unassailable, has showed to the contrary that it is very vulnerable. In fact, anyone with access to the SS7 system can use your text messages to steal money from your bank account profile.
How can we protect from such attacks? We suggest two ways: first asking bank for other more secure authentication variants such as the Google Authenticator service and encrypted USB sticks; second is a device for the protection of the home network. In fact, a good antivirus device did not allow the banking Trojan to infect our computers, so the bank's credentials were not stolen. In this regard, IES Italia and Ntop team have developed IVO, a device that, together with the app, protects home network as a shield and monitors children on web. Thanks to systems like IVO, it’s possible to protect your personal data that, in an always more connected world, that preparing itself to welcome 5G, they are more in danger.
So keep calm and protect your data with IVO!
#Signaling System 7
#Common Channel Signalling System 7
By IES Team
Press release: IES Italia's infrastructure has been subject to very serious DdoS type cyber attacks