Recent technology developments have resulted in the merging of legacy SS7 telephone network and Internet in a bid to cut down the expenses incurred by mobile operators. There is an industry-wide adoption of those hybrid products. However, a lack of access control in the legacy network protocols that are now exposed to attacks via internet may come with a price.

According to the tests performed, more than 60% of randomly selected mobile operators are prone to unauthorised call forwarding. An attacker can easily get all the information needed, such as a customer's SIM Card IMSI, to authorize himself on the network and send a specially crafted packet activating the card forwarding service with a destination number of his choice.

In practice, an attacker with the knowledge of the customer's valid phone number can easily click on “Forgot Password” button and wait for the password reset call confirmation PIN. - It's simple as that, according to Stefan Ćertić, Chief Technologies Officer of CS Networks.

In a recent research paper – The Future of Mobile Security, Stefan is describing (M)Secure, a next-generation two-step authentication product relying on a patent pending call forwarding indication technology. “The goal is to prevent bad guys from stealing your sensitive data by disabling a call to an active call forwarding subscriber.”

Company executives are inviting all interested service providers to a quick demonstration of the security exploit.

“All interested companies are more then welcome to apply for live demonstration of the forwarding exploit. The (M)Secure technology has already found its way to a large number of banking and financial institutions after a successful presentation at the Mobile World Congress as recent hacks of major industry players have shown that traditional authentication methods are no longer enough”.