There are cybersecurity researchers which indicate that signaling system 7 (SS7) can be used to drain the bitcoin account of an individual. This is due to the link between the SS7 mobile messaging with the Coinbase account and Gmail account of an individual. Criminals are able to link them so as to ensure that they access the Bitcoins from the Coinbase account. The SS7 messages are used to work by facilitation of the mobile network requiring proper security of online accounts from cybercrime. SS7 flaws are used to acquire confidential data of an individual which could lead to financial loss of the individual.
These are the imperfections of the mobile messaging network which could lead to cybercrime on the online accounts related to the mobile messaging network. Positive Technology researchers identified the SS7 flaws which make it possible for cybercrimes using the messaging network.
The security lead officer of Positive Technology, Dmitry Kurbatov demonstrated the insecurity of SMS. This is due to the authentication in a two-factor which makes it possible to apply the one-time password. The one-time password is used o verify transaction of different online accounts making it possible for individuals to hack online cash accounts.
The flaws of SS7 in SMS transmission makes it possible for attackers to intercept the messages which are vital in securing accounts. The passwords are often sent as a message and once an individual has access to the messages it becomes possible to access the accounts using the passwords.
The two-factor authentication either in device or application provides the details of the registered mobile phone number. Hackers exploit the features of SS7 to intercept various SMS of individual thus acquiring confidential passwords of the user.
When the one-time passwords are sent through the SMS it becomes risky for an individual due to the access of the information considering the SS7 defects.
The attackers targeted Coinbase account which handles Bitcoins and other digital currencies of an individual. The one-time password which is sent as SMS makes it possible for attackers to access the Coinbase account leading to Bitcoins and other digital currencies losses.
The attackers later get access to the Gmail account which is linked to the Coinbase using the acquired one-time password from the SMS. The mobile phone and Coinbase account are linked together in a two-factor authentication making it easy to access the accounts related to the mobile number once one has the message. The two-factor authentication of Gmail and Coinbase accounts allows the attackers to access online currency using the obtained Gmail.
Cybercriminals intercept the SMS message verification to another mobile number so as to trigger a Gmail password reset. Once the Gmail account is reset using a different number they are able to access the Coinbase account and reset the password. Anew mobile phone number is used o accept the SMS of the authentication code making it possible for the attackers to have a full access to the Coinbase account. Once the mobile number and Gmail account password are changed the attackers empty the funds in the Coinbase account. This process of hacking is made possible through the use of a black market hijack services for SMS or using unauthorized SS7 instructions.
Cybercriminals rely on SSM for password recovery when accessing Coinbase accounts of different people. In Germany, there was a complex method of cyber attack where the attackers aimed at getting the bank logins so as to empty accounts of individuals.
Telefonica Germany network was used by attackers to intercept transactions of individuals using the authentication messages sent. This threat led to the meeting of telecommunication and banking representative to deal with the cyber attack threats. Telefonica Germany identified that SS7 messages from a malicious source were transmitted to the people. The network operator blocked the suspicious user to avoid mobile phone hacking by thieves.
The flaws negatively impacted the banking and telecommunications industry as the people lost the confidence of the security of the online currency. The cybercrimes require intervention by of It experts to deal with the cases of hacking of mobile phones SMS services which are used to verify a Coinbase account.
Germany researcher Karsten Nohl states that it is possible to hack text messages and movement of an individual requiring improvement of cyber security to handle the IT issues.