Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs.
Messaging channels have long been the darling of growth and customer experience teams. They unlock a range of use cases: activating dormant users, allowing users to safeguard their accounts with SMS-based two-factor authentication (2FA), and more. SMS and voice channels have been leading the charge across industries and, according to one study, these channels have been and will continue to be heavily leveraged.
However, attackers follow the money. Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for chief information security officers (CISOs), and have already affected the likes of X and many other enterprises. Elon Musk was the first prominent personality to show the damage that toll fraud brings to business.
The Perils of an Invisible Chain and Trust-Based Architecture
Signaling System 7 (SS7), a critical component of the global telecommunications infrastructure that allows different networks to interoperate, is responsible for services such as messaging and voice calls. However, in a world of zero-trust architecture, SS7 still relies on an archaic trust-based architecture. Inherently, a trust-based architecture assumes that all participants are honest and legitimate, an assumption that attackers exploit. They either take over a legitimate but less secure operator or pose as a legitimate operator in the middle...