[2017-09-22] Stealing Bitcoin with a Name and a Phone Number

[Karartma1]

Researchers from Positive Technologies recently showed Forbes how, using only a name and a phone number, hackers are able to compromise someone’s Google account, and use it to get to that person’s bitcoins or bank account.
Hackers can do this using a flaw in the global telecoms network, that affects what’s known as Signaling System No. 7 (SS7). In a demonstration video, researchers were able to take control of a Coinbase account and do whatever they wanted to with its funds, via an SS7 flaw. Taking into account that Coinbase has over 10.4 million users, a lot of bitcoiners are at risk.


More @ https://www.cryptocoinsnews.com/stealing-bitcoin-with-a-name-and-a-phone-number/

[ecnalubma]

This is very alarming, as our technology develops the risk of getting hacked is also advancing. The SS7 hacking is a big challenge to big companies such as goggle, coinbase etc to make more secure systems and programs to protect its users. Imagine when the time comes that every single human being is wired the damage can be catastrophic when everyone's security is being expose and compromise.

[1Referee]

It's quite an unexpected development, at least for me, but I am quite happy with the fact that I am storing the far majority of my coins offline. The only moments where a certain part of my coins aren't stored offline, is when I have them on-exchange for trading purposes. But in this case my account is properly secured with 2FA through Google authenticator. It's quite shocking that till this day, there are still a whole lot of people not having that feature enabled - it's basically playing Russian roulette with your precious coins. Exchanges should force their traders to activate that feature by default, period. We're living in a time period where more than ever, people's personal information is at risk, and directly also our crypto assets. It only makes sense to max out your account security.

[Rahar02]

An old trick I think, name and phone number will works if people store bitcoin in an exchange, which the lesson is; keep your bitcoin offline and just save small portion in web wallet, in case you want to spend or convert it. Hackers can't easily to get your password, moreover trying to steal bitcoin in offline wallet. So, stay calm and do not be an open book, if you want to provide a phone number for exchange, make sure to use a private number which use only for 2fa, or better to use Google Authenticator.

[Karartma1]

What annoys me the most is that bitcoin adoption is (unfortunately) bound to such services. The average Joe does not understand anything security related: passphrase, private keys import export, and so on. Bitcoin security is still light years ahead of all the crap we have been using but the only problem is always the same: end users

[FrueGreads]

Well I guess this comes as no surprise. I keep hearing John McAfee saying that for users not keep big amounts of bitoins on exchanges because there is exactly where the money is, and where hackers will go. It's quite shocking to know that the majority of people still hold their bitcoins on exchanges and don't even own their private keys. This is asking for trouble of course. Exchanges are the target now, and they need to secure themselves, but users should take some measures and try to hold their coins on their wallets, specially hard wallets.
All this will become much harder when bitcoin allows atomic cross-chain trading, since when this happens, even exchanges wont become centralized.

[Raxitto]

Hackers have proven a failure in the global telecommunications network, affecting what is known as signaling system # 7 (SS7), which needs to be corrected as soon as possible. In a YouTube video demonstration, benevolent hackers from Positive Technologies were able to take control of a Coinbase bitcoin wallet and start stealing funds through SS7 crashes.
The weaknesses of SS7, despite the solutions available for years, remain vulnerable. This failure allows anyone to access telecommunications information to send and receive messages, with various attacks that allow silent text interception (SMS), calls, and location data. (Normally, the SS7 network is used by telecommunications companies to talk to one another, usually to switch customers between operators.)