Cybercriminals have been exploiting flaws in Signalling System No. 7 (SS7), also known as CCITT number 7 or C7 in the UK, a set of telephony signalling protocols, to target mobile subscribers using their devices to conduct banking - draining their accounts of cash in the process.
The SS7 protocols were developed in the 1980s and are used by more than 800 telecoms companies globally: they supply metadata required to set up calls and also underpin data communications between different telecoms companies' networks.
Today, they are also used to ensure that text messages can be sent between people in different countries, and to ensure that phone calls are uninterrupted when travelling on an overground train. SS7 can even be used to eavesdrop on calls and track users' locations.
Weaknesses within the protocol have been known about since at least 2014 and, in January, criminals exploited them to bypass the mobile-phone-based two-factor authentication method that banks use to prevent unauthorised withdrawals from online accounts, German newspaper Süddeutsche Zeitung has reported.
Specifically, telecoms company O2 in Germany confirmed that some of its customers had their accounts drained by hackers in a two-stage process.
The first stage involved bank-fraud Trojans that enabled the attackers to harvest user names, passwords, phone numbers and bank account details by directly infecting account holders' computers.
Attackers then used SS7 to intercept the text messages that banks use to send 'one-off' passwords for authorising payments and bank transfers, redirecting them to their own numbers. They then used the mTANs - mobile transaction authentication numbers - to transfer money out of a targeted account.
In addition to infecting the victims with Trojan horse malware, the attackers would have required inside access to a telecoms company in order to compromise SS7.
"Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January," a representative with Germany's O2 Telefonica told Süddeutsche Zeitung.
"The attack redirected incoming SMS messages for selected German customers to the attackers."
The foreign operator has since been blocked, and any customers that were affected were informed of the breach. The SS7 flaw is yet to be fixed, which means a boom in similar attacks is likely very soon.