For several years, security experts have repeatedly warned about critical vulnerabilities in the Signaling System 7 (SS7) protocols, which are actively used by many cellular providers. These vulnerabilities allow attackers to intercept phone calls and read the contents of SMS messages, despite the advanced encryption algorithms implemented by cellular operators. But the problem does not end there: criminals now exploit flaws in SS7 to steal funds from the accounts of mobile banking users.
According to the newspaper Süddeutsche Zeitung, some customers of the German cellular operator O2-Telefonica lost funds from their bank accounts as a result of an attack in which the attackers intercepted two-factor authentication codes and used them to access the accounts.
In 2014, German researchers demonstrated how an attacker with access to a telecommunications operator's systems can use SS7 to locate a particular cellular subscriber and intercept their calls or messages.
In this case, the cybercriminals exploited the two-factor authentication system that banks in Germany use to protect customers and their online transactions. This mechanism relies on a transaction ID that the bank sends in an SMS message when the customer performs an operation, for example transferring funds from one account to another.
The attack was conducted in two stages.
In the first stage, the attackers infected the victim's computer with a banking trojan, which stole the login and password for the bank account and also read the account balance and the user's mobile phone number. The attackers then bought access to a fake base station that imitated the mobile operator and set up a redirect from the victim's number to their own mobile phone.
In the next stage, usually at night, the scammers logged in to the user's bank account, transferred money to other accounts, and, having received the transaction ID, completed the transaction.