
usonian

(16,227 posts)
7. This has been known since 2014 or so.
Sun Sep 10, 2023, 10:17 AM
Security holes within SS7 were first uncovered by security researchers, including Nohl, and demonstrated at Chaos Communication Congress hacker conference in Hamburg in 2014. (1)

Details here (but just the usual "slightly better than lame" recommendations as to what to do.)
1. https://www.theguardian.com/technology/2016/apr/19/ss7-hack-explained-mobile-phone-vulnerability-snooping-texts-calls

2. https://www.firstpoint-mg.com/blog/ss7-attack-guide/

Looks like it would mainly be used in Man in the Middle attacks (MITM)
And of course, text messages sent unencrypted (as in "verify your login with this magic code") look vulnerable (so much for two factor authentication being a big deal).

Looks like it's up to network providers to monitor things very closely, but it's probably fair to say (OPINION) that they are too busy drumming up business to spend money on network monitoring.

Since this is said to be rare, it looks like only high-value targets would be at serious risk. (or if you use 2FA for banking?? Oh Oh. See below.)


That said, with the billions of mobile phone users worldwide, the risk of you being targeted for surveillance by cyber-criminals is probably small. But if you happen to be a president, queen or even doctor holding sensitive patient information on their mobile, your chances are much higher than those of an average Joe. If you’re still using 2FA for banking services, you might very well be in danger of having your account compromised.
(2)

OPINION: internet authentication has had decades to come up with a "bulletproof" scheme, and we still have "log in with Google", "log in with Facebook" and "log in with Apple" and TFA ("we are sending you a verification code") Is it kind of obvious that the people who could provide safe authentication really don't care?
