Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
adv ex on 5 january 2024
adv ex on 22 February 2024
adv ex on 22 February 2024
banner Expire 26 April 2024
Rescator cvv and dump shop
banner expire at 13 May

Yale lodge shop
UniCvv
banner Expire 1 April  2021

Premiums

TRUSTED VENDOR
Joined
Dec 5, 2020
Messages
1,314
How Hacker Can Empty Ur Bitcoin Wallet Using Ur Phone no & Email

Security of SMS-based two-factor authentication has been long-debated. Despite flaws in Signalling System No. 7 (SS7), which is an internationally used telecom protocol to route texts and calls, it continues to be used at a large scale in banking and other services.

The security researchers Positive Technologies have shown how a bitcoin wallet can be hacked using SS7 vulnerabilities. By getting their hands on SS7 network, the hackers were able to reset the Gmail passwords using SMS-based two-factor authentication.

A big flaw in SMS-based 2FA is that the one-time password can be accessed on a variety of devices and services, which might have their own flaws. Thus, the attack surface increases. On the other hand, the true 2FA, which is like a push notification popup, sends the verification prompt to one device.

In a video posted by the researchers, which is embedded below, it’s shown how easy it is to carry out the attack. By intercepting the text messages in transit, the hackers can take control of your Gmail account and any other service associated with it.

Not just cryptocurrency wallets, this flaw puts your banking and social media accounts at risk. “This hack would work for any resource – real currency or virtual currency – that uses SMS for password recovery,” the researchers told Forbes.

Getting access to the SS7 network is the biggest barrier one needs to cross. The cybercriminals can buy the access on the dark web. In the past, at least at one occasion, SS7 was used to empty bank accounts. According to Forbes, many surveillance companies are also selling services to spy using SS7 flaw.

What should the user do?

As stressed earlier, SS7 flaw has been known to the telecom industry from a long time. So, unless they don’t take steps to make it more secure, the users need to take steps on their own. You can use tools like Google Authenticator, Google prompt, or security key for extra security.
 
Top Bottom