Here's How Everyone Can Hack Your Gmail And Bitcoin Wallet With Your Name and Phone Number

SHARE:

SS7 weaknesses, despite fixes being available for years, remain open. They allow anyone with access to that part of the telecoms backbone to send and receive messages to and from cellphones, with various attacks allowing silent interception of SMS texts, calls and location data.

Long back we had published a report how hackers hack WhatsApp using the SS7 flaw. The SS7 flaw has existed for eons now along with fixes but the GSM and Telecom companies are neither inclined nor bothered to patch their infrastructure against the flaw.

Now a cybersecurity company called Positive Technologies has come out with a video detail how anyone can hack any Gmail account with simply a name and a mobile number using the SS7 flaw. After hacking the Gmail account of the victim, the researchers then proceed to steal a Bitcoin Wallet using the same SS7 flaw. The Positive researchers sent their video to Thomas Fox-Brewster, an ace investigative reporter from Forbes along with the details how to achieve the hack.

What is SS7 flaw?

The vulnerability lies in Signalling System 7, or SS7, the technology used by telecom operators, on which the highly secure messaging system and telephone calls rely. SS7 is a set of telephony signaling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.

SS7 is vulnerable to hacking and this has been known since 2008. In 2014, the media reported a protocol vulnerability of SS7 by which both government agencies and non-state actors can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%. In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded. Researchers created a tool (SnoopSnitch) which can warn when certain SS7 attacks occur against a phone and detect IMSI-catchers.

How to hack Gmail using the SS7 flaw

In the PoC video, the researchers used a phone number to first crack Google’s email service, Gmail. Once the email account was identified, the researchers sent a password request to Gmail servers. As per the protocol, Gmail sent the one-time authorization codes to the victim’s phone. Positive Technology researchers then used the SS7 flaw to intercept the SMS text containing the OTP. Once they got the OTP, hacking the victim’s Gmail account and resetting the password was easy. They immediately chose a new password and took control of the Gmail account.

Using these details they headed to the Coinbase website. Here also they used the same modus operandi, i.e. do another password reset using the email they had hacked. Coinbase also sent an OTP to the victim’s smartphone which was similarly hacked by the researchers using the same SS7 flaw. Once they had access to the OTP, they could reset the password to the victim’s Bitcoin Wallet and had access to all the bitcoins saved in the wallet.

“This hack would work for any resource – real currency or virtual currency – that uses SMS for password recovery,” said Positive researcher Dmitry Kurbatov told Forbes. “This is a vulnerability in mobile networks, which ultimately means it is an issue for everyone, especially services relying on the mobile network to send security codes.”

Accessing SS7 hackers has also become easy with easily available IMSI catchers. Kurbatov told Forbes that there are many websites on the dark web like Interconnector which sell SS7 services. “The risk lies in the fact that cybercriminals can potentially buy access to SS7 illegitimately [on the]dark web,” Kurbatov noted.

PoC video of How to Hack Gmail and Bitcoin Wallet using SS7 flaw

COMMENTS

Name

AI,4,AMD,1,Android,8,Apple,2,Automobile,1,Bitcoin,2,Blogger,7,Bloging,4,Breakthrough,1,Camera,1,Computer,9,CPU,1,Cryptocurrency,1,CuttingEgde,2,CyberSecurity,5,Download,1,Editing,1,Gaming,44,Giveaway,4,Guide,1,Hacking,3,Hacking News,4,Hardware,18,How To,12,i,4,iOS & Mac,9,iPhone,8,Laptop,1,Leak,6,Malwares,1,Marketing,2,Mobile,46,News,5,Notebook,2,Programming,14,Robotics,2,Rumor,5,Science,1,Security,14,SEO,2,Social Media,5,Software,14,Tablet,1,Technology,42,Weapon,1,Web,11,Website,1,Windows,1,
ltr
item
TechFonder: Here's How Everyone Can Hack Your Gmail And Bitcoin Wallet With Your Name and Phone Number
Here's How Everyone Can Hack Your Gmail And Bitcoin Wallet With Your Name and Phone Number
SS7 weaknesses, despite fixes being available for years, remain open. They allow anyone with access to that part of the telecoms backbone to send and receive messages to and from cellphones, with various attacks allowing silent interception of SMS texts, calls and location data.
https://1.bp.blogspot.com/-8mJSU0FHthk/WcerA0gUf3I/AAAAAAAAAmY/9MclNReTotE0urrOlpQ8RxclMnaz30VWgCLcBGAs/s400/Bitcoin-gmail-hack.jpg
https://1.bp.blogspot.com/-8mJSU0FHthk/WcerA0gUf3I/AAAAAAAAAmY/9MclNReTotE0urrOlpQ8RxclMnaz30VWgCLcBGAs/s72-c/Bitcoin-gmail-hack.jpg
TechFonder
http://www.techfonder.com/2017/09/everyone-can-hack-your-gmail-and.html
http://www.techfonder.com/
http://www.techfonder.com/
http://www.techfonder.com/2017/09/everyone-can-hack-your-gmail-and.html
true
4189235006833635040
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy