An old vulnerability in the Signalling System No. 7 (SS7) telecom network protocol was used by Positive Technologies researchers to access and steal data from a test account, which they had registered recently at Coinbase, a bitcoin exchange platform. It is thus, identified that through exploiting the SS7 flaw, an attacker could access text messages containing authentication codes and make financial transactions from the Bitcoin platform.

In its press release, Positive Technologies stated that this had already happened in spring of 2017 when cybercriminals managed to access text messages containing online banking authentication codes sent to customers of Telefonica Germany (O2), a German mobile firm and used the codes to make financial transactions.

Positive Technologies’ research revealed that they just needed to use the SS7 flaw to compromise Coinbase account was the first and last names and the phone number of the account holder and his Gmail address. Through exploiting the SS7 flaw, researchers intercepted SMS text messages sent to Gmail phone numbers and Coinbase users trying to change their passwords using two-factor authentication.

Whoever can access the SS7 system can also intercept texts containing verification codes which can be stolen by attackers to gain full control of the accounts. In case of Coinbase, virtual funds can easily be extracted from the account.

According to Positive Technologies’ head of telecommunications security department Dmitry Kurbatov:

“Unfortunately, it is still impossible to opt out of using SMS for sending one-time passwords. It is the most universal and convenient two-factor authentication technology. All telecom operators should analyze vulnerabilities and systematically improve the subscriber security level.”
The SS7 system is used by telecom operators for ensuring full protection of text messages and telephone calls. It is a set of telephony signaling protocols that are used to set-up and tear down a majority of PSTN/public switched telephone network calls around the world.

Furthermore, it performs many important functions like prepaid billing, local number portability, translation of numbers and SMS (short messaging service) along with other main telecom services.

It was developed in 1975 while in 2008 it was identified to be vulnerable to hacking. In 2014, it was reported that the SS7 vulnerability could be used by governmental agencies and non-state actors alike to track the movements of mobile phone users from any location around the world with 70% accuracy.

Positive Technologies shared a video detailing the way a hacker can compromise a Gmail account through using basic information such as mobile number just because of the SS7 flaw. When hacking was successful, researchers showed how the same SS7 flaw could be used to compromise a Bitcoin wallet.

thx @whiteLight for sharing that info, I was to use Coinbase soon, now what is the safest BTC wallet to use?

with hackers and damnit thiefs and bandits at every corner on your life, where the world is going..

Originally Posted by Rhialto

thx @whiteLight for sharing that info, I was to use Coinbase soon, now what is the safest BTC wallet to use?

with hackers and damnit thiefs and bandits at every corner on your life, where the world is going..

If you just want to buy BTC from a company and send to an other wallet, coinbase is one of the best.

Even though coinbase is considered as a very safe company, if you want to buy BTC and hold those for future use, i wouldn't recommend to hold your BTC on any of those companies though. IMO it's safer to hold your BTC on your personal PC (there are many good wallets to download/install). If you are an experienced user and you don't visit any dodgy sites or you don't open any random links, there is a small chance your personal PC to get hacked.

Just my two cents!

thanks @TheTrader I really appreciate your input