Cybercriminals have been exploiting flaws in Signalling System No. 7 (SS7), also known as CCITT number 7 or C7 in the UK, a set of telephony signalling protocols, to target mobile subscribers using their devices to conduct banking - draining their accounts of cash in the process.
The SS7 protocols were developed in the 1980s and are used by more than 800 telecoms companies globally: they supply metadata required to set up calls and also underpin data communications between different telecoms companies' networks.
Today, they are also used to ensure that text messages can be sent between people in different countries, and to ensure that phone calls are uninterrupted when travelling on an overground train. They can even be used to eavesdrop on calls and track users' locations.
Weaknesses within the protocol have been known about since at least 2014 and, in January, criminals exploited them to bypass the mobile-phone-based two-factor authentication method that banks use to prevent unauthorised withdrawals from online accounts, German newspaper Süddeutsche Zeitung has reported.
Specifically, telecoms company O2 in Germany confirmed that some of its customers had their accounts drained by hackers in a two-stage process.
The first stage involved bank-fraud Trojans that enabled the attackers to harvest user names, passwords, phone numbers and bank account details by directly infecting account holders' computers.
Attackers then used SS7 to intercept the text messages that banks use to send 'one-off' passwords for authorising payments and bank transfers, redirecting them to their own numbers. They then used the mTANs - mobile transaction authentication numbers - to transfer money out of a targeted account.
In addition to infecting the victims with Trojan horse malware, the attackers would have required inside access to a telecoms company in order to compromise SS7.
"Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January," a representative with Germany's O2 Telefonica told Süddeutsche Zeitung.
"The attack redirected incoming SMS messages for selected German customers to the attackers."
The foreign operator has since been blocked, and any customers that were affected were informed of the breach. The SS7 flaw has yet to be fixed, which means that a boom in similar attacks is likely very soon.