Questions tagged [ss7]

10 questions
10
votes
2 answers

Is SS7 a threat any more?

I'm reading about an SS7 issue: SS7 flaw allows hackers to spy on every conversation. It seems to me that any phone on the world can be intercepted so the hacker can listen to your phone call or read your text message. As far as I know, google,…
7
votes
2 answers

How SS7 attack first enter into SS7 network?

I've read the following article about SS7 attack: https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf I have some questions about this kind of attack: Is SS7 attack can be done through regular home ISDN connection ? (not requiring to…
ransh
  • 515
  • 6
  • 11
7
votes
1 answer

Should 2FA over SMS be considered insecure in the wake of recent SS7 attacks?

Design flaws related to SS7 has been known to us for quite a while now but telcos have conveniently discarded the arguments saying that the risk is too low due to the significant investments required for performing the attack. But considering the…
hax
  • 3,851
  • 1
  • 16
  • 34
5
votes
1 answer

Do SS7-based attacks affect landlines?

I am aware of the risks of SS7 for mobile users. Attackers can get location information, send spoofed texts, cause DoS and intercept phone calls/texts. Do those risks still apply for landlines? There is no roaming support, so I would assume call…
André Borie
  • 12,706
  • 3
  • 39
  • 76
4
votes
1 answer

SMS based 2FA intercepts

Reddit just revealed that they experienced a security breach as a result of an intercepted SMS based 2FA. Another post on SMS 2FA refers to flaw in the telecom’s ss7 protocol that was used to perform the breach. I’m not sure if the Reddit incident…
Aaron
  • 161
  • 3
3
votes
0 answers

Can SS7 attacks intercept SMS sent to a Google Voice number?

Hackers are able to steal 2FA SMS messages by exploiting SS7. As far as my understanding goes, this means gaining access to the SS7 system and then broadcasting a message akin to "This number is roaming on my network, send me all their SMS…
3
votes
1 answer

Does SMS flood cause denial of service even when "blocked"?

Imagine a SMS flood using a few phone numbers. The client blocks the phone numbers using the build in mechanism of the smart phone, and thus does not receive any notifications. Even though the user blocked the messages on his or her cell phone, does…
Daniel Grover
  • 872
  • 5
  • 10
2
votes
0 answers

Is SS7 attack traceable/detectable?

There is a lot of talk about SS7 attacks. Even if old article, but still interesting. But lets say, someone accessed my account which uses two-step authentication (SMS verification method) and I started to suspect the SS7 attack like this. I want…
balex
  • 272
  • 1
  • 11
1
vote
0 answers

How difficult are SS7 hacks?

Out of band communication via SMS has recently been shunned due to SS7 hacks. How likely are these to become more prevalent? I saw this question: Should 2FA over SMS be considered insecure in the wake of recent SS7 attacks? But nothing I have seen…
Chri3
  • 327
  • 1
  • 11
0
votes
0 answers

Can an attacker intercept mobile traffic exploiting SS7 vulnerability?

Can an attacker intercept my mobile traffic exploiting the ss7 vulnerability even if encrypted?