Table Of Contents
What is SS7 flaw?
SS7 is vulnerable to hacking and this has been known since 2008.
Researchers created a tool (SnoopSnitch) that can warn when certainSS7 attacksoccur against phone and detect IMSI-catchers.
Once the email account was identified, the researchers sent a password request to Gmail servers.
As per the protocol, Gmail sent the one-time authorization codes to the victims phone.
Positive Technology researchers then used the SS7 flaw to intercept the SMS text containing the OTP.
Once they got the OTP, hacking the victims Gmail account and resetting the password was easy.
They immediately chose a new password and took control of the Gmail account.
Using these details they headed to the Coinbase website.
Here also they used the same modus operandi, i.e.
do another password reset using the email they had hacked.
Accessing SS7 hackers has also become easy with easily available IMSI catchers.
Kurbatov told Forbes that there are many websites on the dark web like Interconnector which sell SS7 services.
PoC video of How to Hack Gmail and Bitcoin Wallet using SS7 flaw
Read More
source: www.techworm.net
