SS7 Vulnerability


#1

Hi,
SS7 is on the headlines again and it makes me think that any Revolut account can be hacked easily. If you know the phone number of someone with a Revolut account, you can intercept the Revolut confirmation SMS using the SS7 vulnerability and then install the app on a phone and then do the same to void the accounts. Has anything been done to avoid this ?


#2

Hi @polopolo,

I do understand your concerns however, the app apart from the sms code, it requires a passcode. Even if you press “Forgot” to reset the passcode the app requires a security question, e.g. Last top up amount (which can be only found on your online banking).


#3

Ok thank you. Doesn’t that leave a vulnerability for auto top up accounts ? Amount is likely to be 10,20,50,100 or 200