[Discussion] Veritasiums: Exposing the flaw in our phone system.
-
YouTube link: https://youtu.be/wVyu7NB7W6Y
I dunno if it has already been posted/discussed here but this kinda blew my mind ! Sorry there's a lot of clickbait but the general subject is interesting...
I never heard of SS7 and have actually no idea how the whole phone system communication system works but that's kinda scary...
Yes we are probably not the first target with this "hack" nor is it as easy as exposed in this video and nor do we have 14k $ to spend on this, but that's not out of reach for some people. I mean it's not as expensive as Pegasus and people with the mean and some good stable income can probably misuse this system for targeting specific vulnerable people (example in the video).
-
System shared this topic on
-
YouTube link: https://youtu.be/wVyu7NB7W6Y
I dunno if it has already been posted/discussed here but this kinda blew my mind ! Sorry there's a lot of clickbait but the general subject is interesting...
I never heard of SS7 and have actually no idea how the whole phone system communication system works but that's kinda scary...
Yes we are probably not the first target with this "hack" nor is it as easy as exposed in this video and nor do we have 14k $ to spend on this, but that's not out of reach for some people. I mean it's not as expensive as Pegasus and people with the mean and some good stable income can probably misuse this system for targeting specific vulnerable people (example in the video).
I’m not an expert in this field, so other people might have something else to add, but my takeaway is mostly - do not rely on phone services. Don’t use MFA via SMS, etc. Most of the issues described, you can avoid if you’re careful, except the geolocation issue.
-
YouTube link: https://youtu.be/wVyu7NB7W6Y
I dunno if it has already been posted/discussed here but this kinda blew my mind ! Sorry there's a lot of clickbait but the general subject is interesting...
I never heard of SS7 and have actually no idea how the whole phone system communication system works but that's kinda scary...
Yes we are probably not the first target with this "hack" nor is it as easy as exposed in this video and nor do we have 14k $ to spend on this, but that's not out of reach for some people. I mean it's not as expensive as Pegasus and people with the mean and some good stable income can probably misuse this system for targeting specific vulnerable people (example in the video).
I never heard of SS7 and have actually no idea how the whole phone system communication works but that’s kinda scary…
SS7 and 1ESS are terribly insecure and were even before CALEA compliance was required. Folks compromising telephony routing systems was a thing back in the early 1990's.
Story time. I worked as a telecom engineer for a while. One of ourasks was, whenever the telco would get a warrant a small team of us at the office were tasked with turning up the surveillance features of our infra (dupe all CDR logs off to another system for chain of custody, log all of the SIP traffic from the specified subscribers to a separate set of logs on the same box for the same reason, basically trap-and-trace and pen register functionality updated for the early 00's (we had the capability of tapping and recording RTP traffic in realtime by abusing three way calling but were not asked to do it while I worked there)). About half the time we'd go into our back-end, and find taps already in place. A few times we took it to management, who kicked it up the food chain and were told flat out "Shut up, write up how you would have done it yourself, and just copy the data coming from what you found." So, we did. Never did find out who did it and why.
-
I’m not an expert in this field, so other people might have something else to add, but my takeaway is mostly - do not rely on phone services. Don’t use MFA via SMS, etc. Most of the issues described, you can avoid if you’re careful, except the geolocation issue.
If only we could convince US banks not to use MFA only via SMS
-
YouTube link: https://youtu.be/wVyu7NB7W6Y
I dunno if it has already been posted/discussed here but this kinda blew my mind ! Sorry there's a lot of clickbait but the general subject is interesting...
I never heard of SS7 and have actually no idea how the whole phone system communication system works but that's kinda scary...
Yes we are probably not the first target with this "hack" nor is it as easy as exposed in this video and nor do we have 14k $ to spend on this, but that's not out of reach for some people. I mean it's not as expensive as Pegasus and people with the mean and some good stable income can probably misuse this system for targeting specific vulnerable people (example in the video).
If you are interested in a subject, a video is the worst way to learn about it.
-
If only we could convince US banks not to use MFA only via SMS
Honestly it didn’t even occur to me that this could be a problem somewhere in this day and age. I don’t even remember when was the last time my bank sent me an SMS for MFA, but it’s a good point for people in US.
-
System shared this topic on
