Flaws in SS7 exploited to empty bank accounts of the Metro Bank in the UK

• The National Cyber Security Center (NCSC) confirmed that it is aware that hackers are exploiting the SS7 to intercept codes used for banking.
• Metro Bank has notified the law enforcement agencies about the attack.

The Metro Bank in the UK has fallen victim to a malicious Signaling System 7 (SS7) attack. The flaws in SS7 were previously exploited by hackers to intercept text messages and track phones across the globe. However, the cybercriminals have taken this attack to an all new level by emptying bank accounts of victims.

Details of the attack

According to Motherboard, the National Cyber Security Center (NCSC) said that it is aware of latest targets of cybercriminals. The NCSC confirmed that the hackers are exploiting the SS7 to intercept codes used for banking. SS7 is a protocol used by telecom companies to coordinate how they route texts and calls around the world.

"We are aware of a known telecommunications vulnerability being exploited to target bank accounts by intercepting SMS text messages used as 2-Factor Authentication (2FA)," the NCSC told Motherboard.

“Some of our clients in the banking industry or other financial services; they see more and more SS7-based [requests]. All of a sudden you have someone’s text messages,” Karsten Nohl, a researcher who worked on SS7 for years, told Motherboard.

Actions taken

Meanwhile, Metro Bank has acknowledged that it has faced an SS7 attack. The firm has notified the law enforcement agencies about the attack. It believes that a small number of its customers may have been impacted by this attack.

“Of those customers impacted by this type of fraud, an extremely small number have been Metro Bank customers and none have been left out of pocket as a result. Customers should continue to remain vigilant and report any suspicious activity using the number on the back of their card or on our website,” said the firm, Motherboard reported.

Metro Bank has enhanced its security protections to prevent such attacks. In addition, it has advised customers to review their bank account for any suspicious activity.

“At Metro Bank we take our customers’ security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. We have supported telecommunication companies and law enforcement authorities with an industry-wide investigation and understand that steps have been taken to resolve the issue,” the firm added.