A new type of hacker attacks using cellular networks. Such attacks are very effective for hacking accounts in services in which registration, login confirmation or password recovery is performed by phone number.
Hackers exploit SIM swapping and vulnerabilities in mobile communications networks known as SS7. The hacking service is relatively cheap – from $ 16. Operators are powerless against such an attack, since it is tied to fundamental vulnerabilities in communication technologies.
The attacker intercepts the victim’s SMS messages, and this happens unnoticed. Communication is not broken, just messages come to someone else’s phone (you can see the fact of receiving messages only in the statement from the operator). Using codes from SMS, you can hack accounts in instant messengers, social networks and other services, confirm transactions in the bank, and much more.
Such attacks have been used before, but now they are on stream. The worst thing is that ordering such an attack against any person is very cheap, and anyone can do it.
It is not easy to protect yourself from such attacks. The fact is that many services have abandoned passwords and provide for confirmation of entering an account or confirmation of actions solely with the help of a code that comes via SMS. Services that really care about the safety of users (for example, Telegram) provide an additional layer of protection – for example, a password that must be entered after the SMS code and which is known only to the user. Taking into account how vulnerable cellular networks are, it is much more reliable to rely not on SMS, but on passwords, and they must be complex and unique.