Be careful with your Bitcoin wallet !!!

How hackers attack your online Bitcoin wallet

Over the years, researchers have warned about serious problems with Signaling System 7 (SS7) - the set of phone protocols can allow hackers to hear personal phone calls and read text messages on a large scale, despite the most advanced encryption used by mobile networks.

Created in the 1980s, the SS7 is a collection of telephone protocols that can house more than 800 telecom operators around the world, including AT & T and Verizon to connect and exchange data, such as routing calls and texts together, allowing roaming and many other services.

Although many fixes have been released, global mobile networks have always ignored the issue and argue that exploiting the SS7's weaknesses requires large technical and financial investments, The risk to the user is extremely low.

However, earlier this year, we witnessed a real attack, and the hacker used a design flaw in SS7 to clear the victim's bank account by blocking the two-factor authentication code. (one time password or OTP authentication code) sent to the client and redirected to the hacker.

White hat hackers from Positive Technologies have demonstrated that cyber criminals can exploit the SS7 vulnerability to control online Bitcoins to steal victims' money.

This is how hackers attack Bitcoin and steal money

To prove the attack, the Positive researchers got the Gmail address and phone number of the target, then requested a password reset for the account, including sending a one-time token to the number. phone's goal.

Just like in earlier SS7 hack attempts, researchers blocked 2FA SMS messages by exploiting the known design flaws in SS7 and accessing Gmail mailboxes.

From there, researchers access directly the Coinbase account registered with the compromised Gmail account and initiate another password for the victim's Coinbase wallet. After that, they log into the wallet and take out all the money in it.

The above is just an example of an SS7 vulnerability attack, however, they are not limited to cryptocurrency wallets. Any service, such as Facebook, Gmail based on two factor authentication, is easily attacked.

We need to avoid using 2 factor authentication through SMS to receive OTP code. Instead, rely on encryption-based security keys as a second factor of authentication.

Sort:  

Awesome, thanks for sharing this detailed information. The people should really keep in mind the safety of their cryptocurrencies as this could be a lucrative robbery for hackers..

Also have a look at what McAfee said about this!

Many useful information, you did a great job, I find it useful. Follow you.

The group Steemit Community Quality Support grows well, the posts I read are getting better, this is a good signal for Steemit. I do all by myself, I hope you understand that I can not always follow all posts. Thank you for your support and for sharing in this group. your post was upvoted for its quality and originality!

Shortly there will be a trail that will upvote for the best posts, there are already people who will give me their upvote in trust for my work. Continue with this great job, soon the benefits of the group will grow.

You're welcome.
Thank you for your vote.

This post has been ranked within the top 80 most undervalued posts in the first half of Sep 22. We estimate that this post is undervalued by $8.42 as compared to a scenario in which every voter had an equal say.

See the full rankings and details in The Daily Tribune: Sep 22 - Part I. You can also read about some of our methodology, data analysis and technical details in our initial post.

If you are the author and would prefer not to receive these comments, simply reply "Stop" to this comment.