Collaborate Disseminate
There is a lot of talk about SS7 attacks. Even if old article, but still interesting.
But lets say, someone accessed my account which uses two-step authentication (SMS verification method) and I started to suspect the SS7 a… Continue reading Is SS7 attack traceable/detectable?
By Waqas
The official Twitter account of security guru John McAfee was apparently
This is a post from HackRead.com Read the original post: John McAfee’ Twitter account hack: “Most likely my phone was compromised”
Continue reading John McAfee’ Twitter account hack: “Most likely my phone was compromised”
Imagine a SMS flood using a few phone numbers. The client blocks the phone numbers using the build in mechanism of the smart phone, and thus does not receive any notifications. Even though the user blocked the messages on his… Continue reading Does SMS flood cause denial of service even when "blocked"?
By Waqas
Israel is home to world’s most advanced surveillance tools industry
This is a post from HackRead.com Read the original post: Israeli Firm Offering WiFi Interception Service to Law Enforcement Agencies
Continue reading Israeli Firm Offering WiFi Interception Service to Law Enforcement Agencies
By Waqas
An old vulnerability in the Signalling System No. 7 (SS7)
This is a post from HackRead.com Read the original post: How SS7 Flaw Can Be Used to Hack Gmail and Bitcoin Wallet
Continue reading How SS7 Flaw Can Be Used to Hack Gmail and Bitcoin Wallet
Your name and phone number is all that’s needed to intercept SMS 2FA and raid your bitcoin wallet. Continue reading Why SMS two-factor authentication puts your bitcoins at risk
Democratic Sen. Ron Wyden is demanding to know how America’s largest telecommunications companies plan to stop hackers from exploiting vulnerabilities in an outdated mobile-data transfer framework that remains fundamental to how cellphones function. Wyden sent a series of letters Thursday to the chief executives of AT&T, Sprint, Verizon and T-Mobile to learn about their efforts to mitigate risks associated with weak points in Signaling System No 7, or SS7, a set of protocols that allow for different mobile phone networks to connect to one another. In addition, the Oregon senator sent a letter to the NSA director, Adm. Michael Rogers, requesting information about past attempts by adversaries to hack into SS7 for the purpose of spying on Americans, including military personnel, civilians and companies. The Daily Beast was the first to report on Wyden’s multiple letters. There are well-known security issues with SS7, including reported cases of intelligence agencies exploiting vulnerabilities in […]
The post Wyden demands answers from telecom giants, NSA over SS7 vulnerabilities appeared first on Cyberscoop.
Continue reading Wyden demands answers from telecom giants, NSA over SS7 vulnerabilities
I’ve read the following article about SS7 attack:
https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf
I have some questions about this kind of attack:
Is SS7 attack can be done through regular home ISDN conn… Continue reading How SS7 attack first enter into SS7 network?
I’ve previously written about the serious vulnerabilities in the SS7 phone routing system. Basically, the system doesn’t authenticate messages. Now, criminals are using it to hack smartphone-based two-factor authentication systems: In short, the issue with SS7 is that the network believes whatever you tell it. SS7 is especially used for data-roaming: when a phone user goes outside their own provider’s… Continue reading Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems
Cybersecurity researchers warned us that this would happen, eventually. Earlier this year, hackers were able to remotely pilfer German bank accounts by taking advantage of vulnerabilities evident in an important yet outdated communications protocol known as Signaling System 7, or SS7, which enables global cellular networks to communicate with one another. The high-tech robbery, initially reported last week by German newspaper Süddeutsche Zeitung, represents the first known, real-world case of thieves exploiting SS7 to intercept confirmation codes that are typically sent by banks to validate actions taken by online banking customers. Recently disclosed intrusions showcase a unique and sophisticated hacking operation that leveraged a combination of both targeted phishing emails and SS7 exploits to essentially bypass two-factor authentication, or 2FA, protection. Telecommunications giant O2-Telefonica confirmed details of the SS7-based cyberattacks to Süddeutsche Zeitung. The multi-stage cybercrime campaign required that the hackers steal user credentials to access individual bank accounts in […]
The post It finally happened: Criminals exploit SS7 vulnerabilities, prompting concerns about 2FA appeared first on Cyberscoop.