Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A targetted SMS interception attack looks like something something SS7 or SIM swap/social engineering, but a wide net attack looks like pwn the telco and get ssh access to an SMS gateway (or logs, or a database with content), or an aggregator, or a middleman SMS provider between aggregator(s) and carriers, or posing as a legit (or grey route) middleman and getting in routing and then snooping on stuff. Or just a highly priviledge position at a carrier or sms aggregator.

If your wide net lets you see 2FA codes, sometimes you can do stuff.



I guess that's the thing I don't get.. you need to pwn a bank and then pwn a telco.. it feels like if it were a probable scenario all these issues with SS7 would be long fixed, so it must be an improbable scenario?

My recollection is that we had that once incident in Germany with 02, but never really heard how much was lost and it was the result of a bad policy at 02 that they fixed and was particular to 02.


If you pwn the telco, and the bank has poor password recovery policiss, you might be able to just recover the password. Or maybe password reuse, etc.

I assume if you pwn a bank, you don't really need 2fa codes, but I dunno




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: