
Researchers show how attackers can exploit SS7 flaws to drain Coinbase accounts

Researchers used long-standing vulnerabilities in the Signalling System No. 7 (SS7) telecom network protocol to gain access to and steal from a test account that they recently registered on the Coinbase bitcoin exchange platform.

According to Positive Technologies, whose researchers pulled off the video demonstration, all that was initially needed to compromise the Coinbase account via SS7 was the account holder's first and last names and phone number. Researchers also needed the account holder's Gmail address, but they managed to obtain that information as well by capitalizing on SS7's flaws.

By exploiting SS7, which many experts say lacks the necessary safeguards to prevent abuse, the researchers were able to intercept SMS text messages that are sent to the phone numbers of Gmail or Coinbase users who are trying to reset their passwords using two-factor authentication. Anyone with access to the SS7 system can intercept such texts, which contain verification codes that users must enter in order to update their account credentials. By stealing these codes, attackers can easily take over the corresponding accounts. In Coinbase's case, this could result in users being drained of their virtual funds.

In a press release, Positive Technologies noted that a real-life attack of this nature occurred in spring 2017, when cybercriminals intercepted texts containing online banking authentication codes that were sent to customers of German mobile company Telefonica Germany (O2), and used these codes to carry out financial transactions.

"Unfortunately, it is still impossible to opt out of using SMS for sending one-time passwords. It is the most universal and convenient two-factor authentication technology," said Dmitry Kurbatov, head of telecommunications security department at Positive Technologies, in the release. "All telecom operators should analyze vulnerabilities and systematically improve the subscriber security level."

Bradley Barth
