Ryan Gosling, Head of Partnerships and Telco at Callsign

A number of banks have reportedly fallen victim to a sophisticated two-factor authentication (2FA) bypass attack after hackers were able to compromise a known vulnerability in the SS7 protocol.
Commenting on the breaches, Ryan Gosling, Head of Partnerships and Telco at authentication vendor Callsign said that the hacks are unsurprising but there are steps that banks can take in terms of SS7, so they don’t suffer a similar fate.
“There have been several documented cases of SS7 breaches in the past,” he commented. “But, due to the underlying historical weaknesses in the technology, it has been difficult to resolve the SS7 vulnerability.”
Whilst efforts have been made by network operators to address the problem, some SS7 messages cannot be filtered at the network boundaries because of some legitimate reasons to send cross-network messages, he said: “Therefore, if an attacker can infiltrate any SS7 network, they can send certain SS7 messages to their fraud target’s home network,” pointed out Gosling. “These can be used to set up misdirection of banking verification codes.”
The solution, he advised, is three-fold: “Firstly, banks must adopt a strong and agile governance process in terms of authentication policies,” explained Gosling. ”They should also regularly review these policies, so that they are fully up to date and can adjust their authentication methods as required to mitigate new threats. Secondly, they must employ a proactive cybersecurity research arm, which can keep track of the new attacks being made on SS7 and other legacy protocols. The final, and most crucial means of combatting the security issues associated with SS7 is to use an intelligence engine to spot anomalous behaviour. All banks can do is gather together as many data points as possible: device, call divert, SIM swap, and roaming statuses from MNOs and specialist services, in order to build up a picture of their customers. An integrated approach should correlate this data to provide a single view of the person undertaking the transaction and the environmental circumstances around that. A feedback loop to the intelligence engine to inform it about known fraud cases can also help it learn about bad behaviour, and to recognise that a fraudster is at work based on similar combinations of these data points in the future.”

by Guy Matthews