Metro Bank has reportedly fallen victim to a sophisticated two-factor authentication (2FA) bypass attack after hackers infiltrated a telecoms firm’s text messaging protocol.
The Signalling Systems No. 7 (SS7) protocol is used by telecom firms to coordinate how texts and calls are routed around the world. But according to Motherboard, hackers are more actively exploiting SS7, and intercepting 2FA text messages to gain access to bank accounts such as those with the UK’s Metro Bank.
The attack mechanism is highly sophisticated, and was therefore once thought of as beyond the technical capabilities of conventional cyber criminals.