Cyber Criminals Found a Way to Empty Bitcoin Wallets with the Help of Phone Numbers
The security community has known about the Signaling System 7 (SS7) vulnerabilities for quite a while. SS7 is a set of telephony signaling protocols developed in 1975 that is used primarily to connect one mobile network to another. It carries the information networks need to set up calls, route SMS messages to other networks, and let a subscriber on one network roam on another while travelling.
Even though the systemic flaw in SS7 has been publicly known since 2014, unfortunately not much has been done about it. An attacker needs access to the SS7 network, which in principle limits abuse to governments and well-resourced threat actors. That is no consolation, since it still enables targeted tracking and surveillance. It also doesn’t help that there are reports of SS7 access being “sold” on the dark web, a familiar marketplace for cyber crooks.
Recently, researchers at Positive Technologies showed how a Bitcoin wallet can be emptied using SS7 weaknesses alone. Note that these researchers have access to the SS7 network “for research purposes to identify vulnerabilities and help mobile operators make their networks more secure”. With this access, they were able to reset a Gmail password by intercepting the code sent during text-message-based two-factor authentication.
The research team also posted a video showing how easy it is to break into a Bitcoin wallet by intercepting nothing more than text messages. After resetting the Gmail password on the victim’s account with the eavesdropped SMS code, they used the recovered Gmail account to reset the password of the Coinbase account registered to it. The chain is simple: intercept one SMS, take over the email account, then take over every service that falls back to that email or to SMS for recovery. This shows how dangerous these flaws are and how cyber crooks can use them to read a victim’s SMS messages, gain control of the victim’s entire Google account and of any other account or service that offers text-based authentication, and also monitor and track the victim’s device.
This should not be taken lightly for any service tied to your email account, such as bank accounts, cryptocurrency wallets, enterprise accounts and so on. Money and data are both at risk, whether the attacker is a criminal or state-backed.
The researchers didn’t actually steal anything from anyone’s Bitcoin wallet, since they stopped one step short, but they showed that with that one remaining step they could have emptied it completely.
According to Positive Technologies researcher Dmitry Kurbatov, “This hack would work for any resource — real currency or virtual currency — that uses SMS for password recovery. This is a vulnerability in mobile networks, which ultimately means it is an issue for everyone, especially services relying on the mobile network to send security codes.”
Obtaining access to the SS7 network may not be as difficult as everyone thought
SS7 flaws have already been used by cyber criminals in real attacks. In Germany, crooks used them to loot bank accounts. In another case, researchers used the flaw to target a Congressman and were able to “record calls and texts, track the Congressman’s location even with the GPS turned off using cellphone tower triangulation and log the phone number of everyone who called his phone.”
Some infamous surveillance companies, such as the Israeli firm Ability Inc., have openly sold services that track targets by taking advantage of the SS7 flaws. Cyber crooks who can’t afford elite firms like Ability Inc. obtain their access through services sold on the dark web, some of which are nothing but scams. “The risk lies in the fact that cybercriminals can potentially buy access to SS7 illegitimately [on] dark web,” Kurbatov stated. He added that attackers might prefer to attack the SS7 network directly rather than spend millions on such access.
This demonstration targeted a Bitcoin wallet, but the fact that the same attack works against just about any other service that relies on SMS should not be ignored. Telecom operators have been slow to filter SS7 traffic and to move signaling off the protocol. Given that these vulnerabilities were discovered long ago and little has changed, users must take preventive measures themselves and avoid SMS-based two-factor authentication and SMS-based password recovery wherever an alternative exists. Some services already steer their users toward authenticator apps such as Google Authenticator, which generate codes on the device rather than receiving them over the mobile network. The SMS Tracker app mentioned here is a different kind of tool: it records SMS messages, social media activity and the apps installed on a device. That is device monitoring, not authentication, and it does nothing to stop messages from being intercepted in the network.