0

Can an attacker intercept my mobile traffic exploiting the ss7 vulnerability even if encrypted?

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • On its own, no, there's no magic "disable encryption on mobile connection", but SS7 is usually popular for intercepting 2FA or social engineering attack. So if the user/service provider is vulnerable to it, the attacker can have a new valid certificate for user's website or register their device for user's messaging app even if it's encrypted – Martheen Feb 15 '21 at 03:15
  • Attacker needs access to network operator to exploit SS7. Although SS7 has been deprecated in LTE, legacy support still exists when the device fallsback to 3G & 2G. – defalt Feb 15 '21 at 09:29
  • @Martheen what encryption are you talking about ? You TCP encryption or GSM encryption ? – BiosRootKit Feb 15 '21 at 22:04
  • @defalt as I know geolocalization is still working on some country in europe – BiosRootKit Feb 15 '21 at 22:05
  • 1
    TLS, SSH, app-level E2EE, those aren't affected. If you only have GSM encryption protecting you, you're effectively sending unencrypted traffic to the public internet anyway. – Martheen Feb 16 '21 at 03:47
  • @Martheen but in my main question I have written that I'm not talking about encryption. My question concern only the traffic. I mean, can an attacker intercept the traffic ? I'm sorry my English is very bad. But I mean if an attacker can intercept traffic. I'm NOT interested if it's encrypted or not. – BiosRootKit Feb 16 '21 at 14:21
  • 1
    What's the point of intercepting if they can't read it anyway? – Martheen Feb 16 '21 at 20:46
  • @Martheen the you can have an idea of the browser of the target watchend dns resolving. Isn'it ? – BiosRootKit Feb 16 '21 at 22:48
  • Chromium-based browser upgrades to DoH automatically if the OS is set to use supported providers, Firefox too on the US and encourage user elsewhere to use their built-in list. – Martheen Feb 16 '21 at 22:52

0 Answers0