Researchers from Positive Technologies recently showed Forbes how, using only a name and a phone number, hackers are able to compromise someone’s Google account, and use it to get to that person’s bitcoins or bank account.
Hackers can do this using a flaw in the global telecoms network, that affects what’s known as Signaling System No. 7 (SS7). In a demonstration video, researchers were able to take control of a Coinbase account and do whatever they wanted to with its funds, via an SS7 flaw. Taking into account that Coinbase has over 10.4 million users, a lot of bitcoiners are at risk.
An SS7 weakness essentially allows anyone with access to the telecoms backbone to send and receive messages from specific cellphones, with some attacks allowing texts, calls, and location data to be intercepted by the hackers.
Positive Technologies’ researchers first used Gmail to find an email account with just a phone number. Then, they reset that account’s password, which prompted a one-time authorization code to be sent to the victim’s phone. Using their SS7 exploit, they intercepted the text and got the code, effectively taking control of the account. Then, they did the same thing to the victim’s Coinbase account,
Oh really