
Criminals Are Tapping into the Phone Network Backbone to Empty Bank Accounts - archi42
https://www.vice.com/en_us/article/mbzvxv/criminals-hackers-ss7-uk-banks-metro-bank
======
archi42
Since many commenters on HN don't seem to be aware that 2FA over text messages
is inherently insecure. This article outlines how a sophisticated attacker
doesn't even need to perform the SIM swapping trick as done here
[https://news.ycombinator.com/item?id=19971953](https://news.ycombinator.com/item?id=19971953).

The first report of this technique - that I'm aware of - was at the 2014 31C3
in Berlin. The Motherboard article however is from 2019.

Slides: [https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-
manipula...](https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-
manipulate.pdf)

Talk: [https://media.ccc.de/v/31c3_-_6249_-_en_-
_saal_1_-_201412271...](https://media.ccc.de/v/31c3_-_6249_-_en_-
_saal_1_-_201412271715_-_ss7_locate_track_manipulate_-_tobias_engel)

