Fraud & Identity Featured Article


SS7 Fraud Proves Disastrous for Banks

May 09, 2017

Signaling System 7 (SS7) has been used for quite some time to allow mobile networks to communicate back and forth. Though it's a valuable system, it's not one without flaws. These flaws have long been recognized as a potential avenue for fraud, and new reports suggest that the potential has become reality, as bank accounts have been attacked and drained using the vulnerabilities in SS7.


SS7's origins go back to the 1980s, when telecom firms put the system to work as a means to connect cellular networks, as well as some landline networks. The system still works to this day, reports note, but further reports suggested that this same system, which served as the interconnection backbone for a variety of transmission types, could readily be broken into and misused.

Demonstrations in 2014, meanwhile, illustrated just how such a thing could take place, as insiders—from hackers to disgruntled employees—could get access to any carrier's backend operations using SS7. With backend access, tracking locations, reading messages, and even listening in on calls are all on the table.

Something similar seems to have been done recently, as SS7 fraud was part of a move to access the two-factor authentication system used in German banking systems. Since the system sends a second code to a device before allowing a user access, the SS7 backend access allowed the hackers in question to gain access not only to the username/password combination, but also to the message sent to serve as the second part of the two-factor authentication system.

A disaster to say the least, this move has pretty much destroyed the concept of two-factor authentication, at least for mobile devices. That's bad news, even as more mobile security moves to biometrics over two-factor authentication thanks to a growing number of fingerprint scanners on phones. With SS7 providing backdoor access, though, even that may not be enough to protect users from fraud. Biometrics have great potential as a security measure, but if criminals are able to get access to those scans, this powerful security system could be used against the user.

Shoring up SS7 will serve a great purpose. There's word that the Diameter protocol, which will be used with 5G, also has some security flaws. The more we can do to prevent fraud, the better off we all are. The move to biometric security over two-factor authentication may be a help, but only in one direction. It's certainly not much help for those who have had bank accounts emptied by SS7 fraud.




Edited by Alicia Young
