The bank confirmed to the publication it had faced an SS7 attack. Those who exploit SS7 can potentially track phones across the other side of the planet, and intercept text messages and phone calls without hacking the phone itself.
Hackers have long exploited flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world. With SS7, the hackers can intercept this text and enter it themselves. Exploiting SS7 in this way is a way to circumvent the protections of two-factor authentication (2FA), where a system not only requires a password, but something else too, such as an extra code.
The National Cyber Security Centre (NCSC) also confirmed this latest issue. According to Banking Technology, the Metro Bank incident seems to be the first publicly reported case of a UK bank falling victim to an SS7 attack.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now