Re: The "solution" is simple.
well, fines to whom? Regardless what SS7 is, I would not find it OK to make this now a TelCo bashing:
- first you need someone to break into your phone/computer and get your online banking data. With all known issues about security n the Internet, this is a matter of personal responsibility. Not only technology of the 70 (SS7) meets 2017 here, but also a common technical understanding of the average user limited to the past millenium is needed to make such an attack possible.
- It is the BANKS who - despite better knowledge in their IT departments I suppose - implemented an authentication system that is convenient but not secure! Banks normally are never responsible for anything, we know since a while, that they earn on ANY transaction regardless who pays to whom ....
- Use TAN generators, or the good old paper-TAN-letter (you can personally pick it up on your bank) or anything else that is secure! Those systems existed long before smartphones and they worked well, even allowing you internet banking.
- Now it happened in O2, but SMS works pretty much the same in all European operators.
BTW: Install Tor browser and get access to a different internet. Many SS7 hosts are compromised and we have boxes connected to the global SS7 network that should definitely not be there. I think that statement about renting an E1 link is by today as outdated as SS7 itself ... you dont need that patience. In the worst case, pay 10kEUR and you get what you need, SS7 access included.
AND: You can do much more, as e.g. track locations or tap calls as well. This has long been published and was even commercialized in countries like US. Any surprises now ?
Biting the hand that feeds IT
