Criminals have once again succeeded in bypassing the mTAN method, long considered safe, and in this way emptying the accounts of online banking users. In 2015, customers of Deutsche Telekom were affected in a similar case. Now, according to information from the Süddeutsche Zeitung, customers of O2 have been targeted by criminals, which could also be because Deutsche Telekom had raised the hurdles by making it more complicated to apply for a new SIM.
According to the German newspaper, people in Germany are affected by the new wave of fraud. O2 has now apparently taken steps to prevent this scam.
“A criminal attack from a foreign provider's network led in mid-January to incoming SMS to scattered telephone numbers in Germany being illegally diverted,” the company explained to the newspaper. The provider has now been blocked and the customers informed. The police are still investigating.
For the affected customers, the incident is doubly infuriating. First, they have to face the accusation of having fallen for a phishing email and disclosed their banking credentials without authorization. Second, the criminals took advantage of a security hole in SS7 that has been known for years and publicly denounced several times, and which could already have been closed by the telecommunications providers. According to the German newspaper, a meeting was held in April in Berlin to discuss the matter.
The criminals first sent emails to lure their recipients to so-called phishing sites, that is, web pages made to look deceptively like the real login pages of banks. There, under a pretext (ironically, security reasons are often cited), they asked for the account number, password and mobile phone number. They then used the account number and password once to gain an impression of the assets.
When they came to the conclusion that an attack could be worthwhile, they applied for a new SIM card for the mobile phone number. They then exploited the vulnerability in SS7 to redirect the TAN sent to this phone number for every payment operation. The hackers accessed the so-called home location register (HLR), a database that allows providers to check with one another whether a SIM card is valid.
Access to this database, which should actually be reserved for providers, is available on the black market for around 1000 euros, according to experts questioned by the SZ. Which provider's access (or which providers' accesses) was compromised for the current attack, and to what extent that provider is involved, is still unclear. The only thing that is clear is that network operators should already have ensured that redirects for SIM cards issued by them can be made only by them.
This is also confirmed by BSI President Arne Schönbohm:
“We have been pointing out the weaknesses in the SS7 protocol for some years. Cyber attackers now have the necessary resources and the necessary know-how to exploit these vulnerabilities, even if it means a certain amount of effort in this case. If we want successful digitization, then we cannot afford for vulnerabilities to remain open for extended periods. Information security is a prerequisite for successful digitization. In relation to online banking, too, the BSI has long recommended refraining from the use of mTAN procedures and instead using procedures with TAN generators. Anyone who has heeded our recommendations on the subject of online banking, which we have published on our website ‘BSI for citizens’, has taken a big step towards more security in the digital world.”
[with material from Peter Marwan, silicon.de]