ss7 – SSL and internet security news

Security Vulnerabilities in the RCS Texting Protocol

December 16, 2019 infossl

cellphones, encryption, protocols, Security technology, securityengineering, ss7, vulnerabilities

Interesting research: SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7, the decades-old phone system carriers still used for calling and texting, which has long been known to be vulnerable to interception and spoofing attacks. While … Read More “Security Vulnerabilities in the RCS Texting Protocol” »

Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems

May 10, 2017 infossl

crime, hacking, phones, Security technology, ss7, twofactorauthentication

I’ve previously written about the serious vulnerabilities in the SS7 phone routing system. Basically, the system doesn’t authenticate messages. Now, criminals are using it to hack smartphone-based two-factor authentication systems: In short, the issue with SS7 is that the network believes whatever you tell it. SS7 is especially used for data-roaming: when a phone user … Read More “Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems” »