Cryptocurrencies like Bitcoin make a big deal of their security; theoretically, they are almost impossible to hack. Every transaction is stored in a ‘digital ledger', shared across multiple machines; an attacker would need to compromise every computer in the chain to successfully hack the system. However, the digital wallets that hold these currencies cannot boast the same security.
Cyber security firm Positive Technologies has demonstrated a successful hack on a digital wallet using SS7 security flaws. SS7 is shorthand for Security System No. 7, a set of telephony signalling protocols developed in the ‘70s and used across many telephone services, including SMS messages.
With knowledge of just the first name, last name and phone number of a Coinbase (a large Bitcoin exchange) user, Positive Technologies was able to intercept SMS messages with one-time passwords and use this to learn the email address linked to the (test) wallet. This was used to gain control over the wallet itself and withdraw currency.
SS7 attacks can be launched ‘from anywhere', says Positive Technologies. It has been monitoring vulnerabilities in the system for some time, recently highlighting the first such attacks in Germany. In that case, criminals intercepted text messages with online banking authentication codes sent to Telefonica Germany (O2) customers, and use them to carry out illegal transactions.
"We work in close coordination with telecom operators to discover threats before hackers do, in order to protect subscribers," said Dmitry Kurbatov, head of the telecommunications security department at Positive Technologies. "Exploiting SS7-specific features is one of several existing ways to intercept SMS. Unfortunately, it is still impossible to opt out of using SMS for sending one-time passwords; it is the most universal and convenient two-factor authentication technology. All telecom operators should analyse vulnerabilities and systematically improve the subscriber security level."
Much of today's AI is narrowly focused on specific tasks - a far cry from the general AI envisioned by the early pioneers
US space agency believes the crater could have preserved ancient organic molecules from the water that flowed there billions of years ago
Valve quietly closes down hardware initiatives launched following Windows 8
Scientists create a virtual reality simulation of a black hole sitting at the centre of the Milky Way
Simulations like this can help people understand complicated systems in the universe in a better way