New Exploit Threatens 9,000 Hackable Cisco Routers
If the connectivity and security of your organization rely on Cisco RV320 or RV325 Dual Gigabit WAN VPN routers, then you need to immediately install the latest firmware update released by the vendor last week.
Administrators who have not yet applied the firmware update are highly recommended to change their router’s admin and WiFi credentials considering themselves already compromised.
How safe is your Gmail? And how safe is your bitcoin wallet? Well, not very much as proved by some senior hackers from Positive Technologies. They can hack Gmail account in a jiffy.
In a video demonstration, the seasoned hackers proved how easy it is to hack Gmail account and then hack a bitcoin wallet on Coinbase and steal the coins; all thanks to a recently discovered flaw by in the global telecoms network system.
The flaw lies in the Signaling System Number 7 (SS7) of the global communication network; hackers can easily exploit it to take over a Bitcoin wallet or hack Gmail accounts.
What is SS7 and how bad is the flaw in it?
SS7 is a network layer used by telecom companies all over the world; mostly, to move customers from one network to another while roaming. This network has been prone to glitches and safety issues for years and despite many fixes, the issues have remained open and many a time, exposed by the hackers.
Hackers exploit the glitches in SS7 to access the network and get complete control over the communication channels. This also includes making calls, receiving and sending text messages, and the ability to track call data, texts, and user location.
How Hackers Hack Gmail Account?
In a video demonstration, the hackers from Positive Technologies that hacking a Gmail account is a walk in the park provided you have to control over the SS7 network.
Initiating the hacking process, the hackers identified a valid Gmail email address by using a phone number. After identifying the email address, the users started a password reset process of Gmail. As a user’s phone is used to send authorization codes for password reset, the hackers intercepted the recovery messages sent on the user’s phone and eventually got a new password. The Gmail account was now under their control.
Now, having complete control over Gmail, they could easily go to Coinbase platform and initiate the password reset process there. As the password reset instructions are sent to the user’s email address, they could easily change the Coinbase account password and do whatever they want with the Bitcoins present in the account.
What else can you lose with SS7 flaws?
The effects of glitches in the SS7 are not just affecting your access to your Gmail account or the Coinbase Wallet. Moreover, nowadays, we are getting more and more dependent on our Gmail accounts to access different Google Applications and other important third-party applications.
Imagine losing access to your Gmail account; also losing access to all your Google applications and third-party applications one by one. It is no less than a nightmare; especially when you have personal accounts, financial accounts, and other important information connected to your Gmail account.
The global network managers are yet to decide how long it will take to fix the flaws. But one thing is for sure that SS7 flaws are a real-time threat to everyone; especially those whose online services are connected to their phones for security purposes.