Metro Bank has reportedly been hit by a sophisticated SS7 attack that bypasses two-factor authentication (2FA).
According to a report by Motherboard, hackers infiltrated a telecoms firm’s text messaging protocol in a so-called SS7 attack.
But what is an SS7 attack?
The Signalling System Number 7 (SS7) protocol is used by telecoms to coordinate how texts and calls are routed.
According to the UK National Security Centre, SS7 attacks are increasing in regularity.
Ryan Gosling, head of partnerships and Telco at Callsign, tells RBI the hack is not a surprise. But he says there are steps banks can take in terms of SS7.
“There have been several documented cases of SS7 breaches in the past. But, due to the underlying historical weaknesses in the technology, it has been difficult to resolve the SS7 vulnerability.
“While some effort has been made by the network operators to address the problem, some SS7 messages just cannot be filtered at the network boundaries. There are some legitimate reasons to send cross-network messages e.g. to set up call roaming.
“Therefore, if hackers can infiltrate any SS7 network, they can send certain SS7 messages to their fraud target’s home network. These can be used to set up misdirection of banking verification codes.”
SS7 attack: possible solutions
He says the solution is three-fold.
“Firstly, banks must adopt a strong and agile governance process in terms of authentication policies. They should also regularly review these policies. Thus they are fully up to date and can adjust their authentication methods as required to mitigate new threats.
“Secondly, they must employ a proactive cybersecurity research arm. In this way they can keep track of the new attacks being made on SS7 and other legacy protocols.
“The final, and most crucial means of combatting the security issues associated with SS7 is to use an intelligence engine to spot anomalous behaviour. All banks can do is gather together as many data points as possible. That is, device, call divert, SIM swap, and roaming statuses from MNOs and specialist services.
“As a result, they build up a picture of their customers. An integrated approach should correlate this data to provide a single view of the person undertaking the transaction and the environmental circumstances around that.
“A feedback loop to the intelligence engine to inform it about known fraud cases can also help it learn about bad behaviour. And recognise that a fraudster is at work based on similar combinations of these data points in the future.”
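The correlation and feedback loop described in the quote above can be sketched as follows. This is an added example, not code from Callsign, Metro Bank or the article; the field names, the 72-hour SIM-swap window and the three decision labels are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SIM_SWAP_WINDOW_HOURS = 72  # assumed look-back window, tune per policy
SMS_CHANNEL_FLAGS = {"call_divert", "recent_sim_swap", "roaming_mismatch"}

@dataclass(frozen=True)
class Signals:
    """Constructed data model; a real MNO or aggregator feed will differ."""
    known_device: bool                   # device already bound to this customer
    call_divert_active: bool             # MNO reports call forwarding is set
    sim_swap_age_hours: Optional[float]  # None = no SIM swap on record
    roaming: bool                        # MNO reports the subscriber as roaming
    device_country: str                  # where the banking session originates
    network_country: str                 # country of the serving mobile network

def flags(s: Signals) -> frozenset:
    """Reduce raw statuses to the set of anomalies present in this transaction."""
    out = set()
    if not s.known_device:
        out.add("new_device")
    if s.call_divert_active:
        out.add("call_divert")
    if s.sim_swap_age_hours is not None and s.sim_swap_age_hours < SIM_SWAP_WINDOW_HOURS:
        out.add("recent_sim_swap")
    # Handset registered abroad while the session is elsewhere: the SMS may
    # be routed to a network the customer is not actually on.
    if s.roaming and s.device_country != s.network_country:
        out.add("roaming_mismatch")
    return frozenset(out)

class IntelligenceEngine:
    def __init__(self):
        self.fraud_patterns = set()  # flag combinations seen in confirmed fraud

    def report_fraud(self, s: Signals) -> None:
        """Feedback loop: remember the combination behind a confirmed case."""
        pattern = flags(s)
        if pattern:  # an empty pattern would match every transaction
            self.fraud_patterns.add(pattern)

    def decide(self, s: Signals) -> str:
        present = flags(s)
        if any(p <= present for p in self.fraud_patterns):
            return "deny_and_review"   # same combination as a known fraud case
        if present & SMS_CHANNEL_FLAGS:
            return "step_up_non_sms"   # SMS delivery path is not trustworthy
        return "sms_otp"
```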