Vulnerability in iPhones and Androids
EXPLOITING THE VULNERABILITY IN IPHONE AND ANDROID
As a penetration tester and security researcher, I want to talk about SS7; a vulnerability that exists in iPhones and Android. People don't know about it. It can't be patched. I don't need to install malware on your phone before I collect data. Your phone number is enough. This is a form of radio penetration testing.
SS7, or Signaling System 7, is a set of telecommunication protocols used worldwide for handling phone calls and text messages. While SS7 serves a critical role in telecommunications, it has been known to have vulnerabilities that security researchers and malicious actors have exploited. Governments and intelligence agencies had the power to intercept calls and exploit the power of SS7; but now individuals with powerful tools have the capabilities to do that.
Hackers can read text messages, listen to phone calls and track mobile phone users' locations with just the knowledge of their phone number using a vulnerability in the worldwide mobile phone network infrastructure. The exploit centres on a global system that connects mobile phone networks, and can give hackers, governments or anyone else with access to it remote surveillance powers that the user cannot do anything about.
Here's some information on SS7 vulnerabilities, how they can be exploited, and steps to mitigate these risks:
Exploiting SS7 Vulnerabilities
1. SMS Interception: One significant vulnerability is SMS interception. Malicious actors can exploit SS7 to intercept and read SMS messages sent to a target's phone number. This can lead to privacy breaches and unauthorized access to sensitive information like two-factor authentication codes.
2. Call Interception: Another vulnerability allows attackers to intercept phone calls and listen in on conversations. This is a significant concern for privacy and security.
3. Location Tracking: SS7 can be exploited to track the physical location of a mobile device, potentially enabling stalking or unauthorized surveillance.
4. Call and Message Spoofing: Attackers can use SS7 to spoof phone numbers, making it appear as though calls or messages are coming from a trusted source.
5. Denial of Service (DoS): While less common, SS7 networks can be targeted with DoS attacks, disrupting telecommunications services and causing inconvenience or financial losses.
6. Fraudulent Activities: Criminals can use SS7 attacks to commit fraud, such as bypassing international call charges, making premium-rate calls, or conducting fraudulent financial transactions.
Hackers can transparently forward calls, giving them the ability to record or listen in to them. They can also read SMS messages sent between phones, and track the location of a phone using the same system that the phone networks use to help keep a constant service available and deliver phone calls, texts and data.
The tools to perform this attack are sold on the open market today. The problem with an SS7 attack is, while targeting only one phone number, you will end up collecting data from thousands of phone numbers in seconds.
While it is fun to play with SS7, make sure you have the permission to perform the exploit if you're not researching.
The good thing is it can be used to perform investigations and help bodies counter terrorism and fraud.
Vulnerability in iPhones and Androids (Original Post)
milestogo
Sep 2023
OP
Think. Again.
(18,774 posts)1. Wait...
...did someone think digital stuff was somehow private and protected from third party manipulation?
What gave them that idea?
Otto_Harper
(759 posts)2. But, but, but
It's against the rules. They can get into a lot of trouble for doing these things. (/snark)
unweird
(2,984 posts)3. Yeah and Captain Crunch cereal is a real threat too
How do I yawn any more expressively? SS7 indeed.
RainCaster
(11,623 posts)4. Pretending to be a security expert by ranting...
This shit about SS7 is ancient. BFD.
Progressive dog
(7,282 posts)6. the possibility has been there
What can access to SS7 enable hackers to do?
Once they have access to the SS7 system, a hacker can essentially have access to the same amount of information and snooping capabilities as security services.
Access apparently isn't that easy. Hackers must be having a tough time. I suspect that if they had access to the cellphone systems, they could listen in on calls. Of course if they have no use for the information, maybe they're spying right now.
https://www.theguardian.com/technology/2016/apr/19/ss7-hack-explained-mobile-phone-vulnerability-snooping-texts-calls
The article is from seven years ago.
usonian
(14,432 posts)7. This has been known since 2014 or so.
Security holes within SS7 were first uncovered by security researchers, including Nohl, and demonstrated at Chaos Communication Congress hacker conference in Hamburg in 2014. (1)
Details here (but just the usual "slightly better than lame" recommendations as to what to do.)
1. https://www.theguardian.com/technology/2016/apr/19/ss7-hack-explained-mobile-phone-vulnerability-snooping-texts-calls
2. https://www.firstpoint-mg.com/blog/ss7-attack-guide/
Looks like it would mainly be used in Man in the Middle attacks (MITM)
And of course, text messages sent unencrypted (as in "verify your login with this magic code") look vulnerable (so much for two factor authentication being a big deal).
Looks like it's up to network providers to monitor things very closely, but it's probably fair to say (OPINION) that they are too busy drumming up business to spend money on network monitoring.
Since this is said to be rare, it looks like only high-value targets would be at serious risk. (or if you use 2FA for banking?? Oh Oh. See below.)
That said, with the billions of mobile phone users worldwide, the risk of you being targeted for surveillance by cyber-criminals is probably small. But if you happen to be a president, queen or even doctor holding sensitive patient information on their mobile, your chances are much higher than those of an average Joe. If you're still using 2FA for banking services, you might very well be in danger of having your account compromised. (2)
OPINION: internet authentication has had decades to come up with a "bulletproof" scheme, and we still have "log in with Google", "log in with Facebook" and "log in with Apple" and TFA ("we are sending you a verification code"). Is it kind of obvious that the people who could provide safe authentication really don't care?