I guess that's the thing I don't get.. you need to pwn a bank *and then* pwn a t... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		JamisonM on Aug 19, 2021 \| parent \| context \| favorite \| on: Canada calls screen scraping ‘unsecure,’ sets Open... I guess that's the thing I don't get.. you need to pwn a bank and then pwn a telco.. it feels like if it were a probable scenario all these issues with SS7 would be long fixed, so it must be an improbable scenario? My recollection is that we had that once incident in Germany with 02, but never really heard how much was lost and it was the result of a bad policy at 02 that they fixed and was particular to 02.

toast0 on Aug 19, 2021 [–]

If you pwn the telco, and the bank has poor password recovery policiss, you might be able to just recover the password. Or maybe password reuse, etc.

I assume if you pwn a bank, you don't really need 2fa codes, but I dunno

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact