SMS Two Factor Authentication Hack

in January, attackers exploited well-known SS7 weaknesses to bypass two-factor authentication banks used to prevent unauthorized withdrawals from online accounts. After first using traditional Banking Trojan implants to perform the first stage of account compromise, and learning the account balances, they then selectively compromised the SS7 system to redirect the text messages banks used to send one-time passwords. Instead of being delivered to the phones of designated account holders, the text messages were diverted to numbers controlled by the attackers. The attackers then used the mobile transaction authentication numbers to transfer money out of the accounts. For the full episode, visit https://twit.tv/sn/611 Subscribe: http://twit.tv/subscribe About us: TWiT.tv is a technology podcasting network located in the San Francisco Bay Area with the #1 ranked technology podcast This Week in Tech hosted by Leo Laporte. Every week we produce over 30 hours of content on a variety of programs including Tech News Today, The New Screen Savers, Mac Break Weekly, This Week in Google, Windows Weekly, Security Now, All About Android, and more. Follow us: http://twit.tv http://twitter.com/twit https://www.facebook.com/TWiTNetwork https://www.instagram.com/twit.tv