Call Privacy Virtually Non-Existent Because Of Poor SS7 Security

Status
Not open for further replies.

jalek

Distinguished
Jan 29, 2007
523
0
18,990
1
It takes fake cell towers? Weren't those in the news recently as one of the ways the US government has been monitoring the people it supposedly serves?
 

MustSee4KTV

Reputable
Oct 30, 2014
5
0
4,510
0
Jalek, I remember a news story (I think it was 60 Minutes) about 2 farmers that wanted to test the hack. They said that all the equipment they need to build it was $6000. The put it on a model bi-plane/drone (included in their price) and programmed it to fly in circles. They tested it in their fields as not to intercept someone else's calls, but they of course intercepted their own calls and could hear everything that was said. They said that they were surprised more governments don't do that. The plane is now hanging at the International Spy Museum in D.C.
 

Woody87

Honorable
Nov 15, 2013
9
0
10,510
0
A solution to the two factor email authentication vulnerability would be to use a virtual phone number to authenticate the email account that is tied to a different email account and set that virtual number to send you an email instead of an SMS text with the authentication code. The email is encrypted and thus they would need to hack both email accounts simultaneously to obtain access. I wonder how many people change their mobile phone number and forget to reset their email authentication before leaving the store? not a problem with virtual numbers.

You can further enhance security by limited email access to specific devices if your provider allows it.

Also...voice and SMS aren't meant to be secure....We used to use party lines...Remember how easy it was to wiretap a landline with a portable radio earbud? Back in the days of early cellular you could listen to other people's phone calls with a scanner you could buy at Radio Shack. Early wireless house phones could be intercepted with a baby monitor. We've actually made it more of a challenge to eavesdrop but the bottom line is don't expect your phone and SMS to be totally secure.
 

toadhammer

Honorable
Nov 2, 2012
109
0
10,680
0
LTE is fairly secure; the phone has to be authenticated by the network, but the phone also authenticates the network. Makes it very hard to fake. Unfortunately, it is still possible for a fake basestation to force the phone to fall back to 3G or 2G, which are vulnerable.
 
Status
Not open for further replies.

ASK THE COMMUNITY