Finally: the big story on SS7 hacking. In plain English—how well-resourced adversaries can get into mobile carrier networks to intercept location, data, texts, and calls from any devicehttps://www.washingtonpost.com/business/technology/how-spies-can-use-your-cellphone-to-find-you--and-eavesdrop-on-your-calls-and-texts-too/2018/05/30/246bb794-5ec2-11e8-a4a4-c070ef53f315_story.html?utm_term=.242e655fbcf4 …
-
Show this thread
-
-
The ITU's SS7 protocol specifications (from 1993) mention security only two times ... as a factor dragging down performance and a reason for delays http://www.itu.int/rec/T-REC-Q.700-199303-I/en/ …pic.twitter.com/Kuew6RaG7K
1 reply 13 retweets 33 likesShow this thread -
Apparently there is a Darknet site for commercial SS7 tracking and interception of mobile phones. Does anybody have the .onion URL?pic.twitter.com/8RzOqBf7nR
4 replies 17 retweets 32 likesShow this thread -
No authentication on a carrier level. Let that sink in. This raises a scary question: can a foreign carrier simply request call/data/text forwarding for, say, a Verizon subscriber in the US without any authentication? Even if that person is not actually traveling?pic.twitter.com/pdANaBwznJ
5 replies 34 retweets 44 likesShow this thread -
Replying to @RidT
Yes (tho VZ likely has more security than other US carriers). Similarly, the US can obtain the same for subscribers in the US.
2 replies 1 retweet 1 like -
Replying to @emptywheel @RidT
Why do you say VZ might have better security than other carriers?
1 reply 0 retweets 0 likes
1) bc good reason to believe USG got virtually all the phone dragnet data it wanted "overseas" before 2009, and for AT&T and others ex VZ thereafter. 2) bc USA Freedom was really about getting what they weren't getting, which was VZ cell records.
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.