Security News > 2017 > May > Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems (Schneier on Security)

I've previously written about the serious vulnerabilities in the SS7 phone routing system. Basically, the system doesn't authenticate messages. Now, criminals are using it to hack smartphone-based two-factor authentication systems: In short, the issue with SS7 is that the network believes whatever you tell it. SS7 is especially used for data-roaming: when a phone user goes outside their own provider's...

News URL

https://www.schneier.com/blog/archives/2017/05/criminals_are_n.html