Saturday, November 21, 00:53
Home security Hackers hijack Telegram via an SS7 attack

Hackers hijack Telegram via an SS7 attack

Hackers with access to the Signaling System 7 (SS7) used to connect to mobile networks around the world have been able to access the Telegram messenger and the data of high-profile email individuals in the cryptocurrency business.

The hackers obtained the login codes of two authentication agents (2FA) through the short system messages of the victim's mobile operator.

Hackers hijack Telegram

Well prepared hackers

Hackers who carry out an SS7 attack can track a user's text messages and calls while receiving information for the location of its device as if it were registered in a different network (roaming scenario).

The attack took place in September and targeted at least 20 Partner Communications Company subscribers (formerly known as Orange Israel) - all of whom were involved in high-level cryptocurrency projects.

Tsachi Ganot, co-founder of Pandora Security in Tel Aviv, who investigated the incident and helped the victims regain access to accounts told BleepingComputer that all indications are that an SS7 attack.

Pandora Security specializes in creating secure digital environments and provides technology and cyber services to high-end individuals. Profile, such as prominent business personalities and celebrities. According to Ganot, the customers are some of the richest people in the world.

Ganot tells us that intruders may have forged a network operator's SMSC mobile telephony to send the “update location request” for a targeted phone number to the Partner (other providers may still be vulnerable to this type of attack).

The update request essentially asked Partner to send to the fake MSC all voicemails calls and SMS messages intended for victims.

Ganot says the attackers had a good knowledge of the victims' accounts and passwords their. They knew unique international numbers subscribers and International Mobile Subscriber Identity Numbers (IMSI).

SS7 attacks, while more common in recent years, are not easy to carry out and require good knowledge of the interaction of home mobile networks and its routing. communication in global level.

In this case, the goal of the hackers was to acquire cryptocurrency. Ganot believes that some of the inbox has been compromised in this way to act as a backup method for other email accounts with more data, allowing the threatening agent to achieve his goal.

This method is well known in the cryptocurrency community and users are usually wary of such requests. Ganot says that "as far as we know no one was caught in the bait".

Although sending verification codes via SMS is widely considered insecure in the information community, many services still rely on this practice, putting users at risk.

Today there are better authentication methods than 2FA authentication SMS or calls. The applications created specifically for this purpose or "physical keys" are among the solutions, says Ganot, adding that telecommunications standards need to be moved away from older protocols such as SS7 (developed in 1975), which can not deal with many modern issues.

The Israeli newspaper Haaretz published details of the attack earlier this month, saying that Israel's national intelligence service (Mossad) and the National Cyber ​​Security Authority participated in the investigation.


Please enter your comment!
Please enter your name here

Teo Ehc
Be the limited edition.



Pixel 5: 5 features make it a better choice than the iPhone 12

One of the most exciting smartphone trends of 2020 was the rise of "value flagships" that offer flagship experiences at a lower price ...

How to insert bullets into an Excel spreadsheet

Adding a list of bullets to an Excel worksheet is not simple, but it is possible. Unlike Microsoft ...

iPhone: How to take square photos

The updated iPhone camera app in iOS 14 has changed some settings or added new ones. If you want to take square photos, ...

ELTA email fraud: Phishing email asks you to pay!

ELTA email fraud: Phishing email asks you to pay! Phishing email asks you to pay a fee for parcel delivery.

Microsoft adds consumer features to Teams

Microsoft launched the Teams consumer capabilities on iOS and Android earlier this year. From yesterday, November 19, ...

What are the malware that usually install ransomware?

If you see any of these malware on your corporate networks, stop doing everything and check all your systems.

The LidarPhone attack turns smart brooms into microphones

A group of academics released a new study this week in which they turned a smart vacuum cleaner into a microphone capable of ...

Fake QR codes expose your cell phone to hackers

Nowadays, QR codes are everywhere, as they are easy to use and fast. The word itself means "quick response". The scan ...

Hackers from China, Russia, Iran and North Korea are targeting Canada!

A report published by the Cyber ​​Security Center of Canada, entitled "National Cyber ​​Threat Assessment 2020", warns of risks associated with ...

Apple will pay $ 113 million for deliberate slowdown of iPhones

Apple has agreed to pay millions of dollars in 34 states due to its previous controversial practice of deliberately slowing down older iPhones ...