I’m not an expert in this field, so other people might have something else to add, but my takeaway is mostly - do not rely on phone services. Don’t use MFA via SMS, etc. Most of the issues described, you can avoid if you’re careful, except the geolocation issue.
If only we could convince US banks not to use MFA only via SMS
I never heard of SS7 and have actually no idea how the whole phone system communication works but that’s kinda scary…
SS7 and 1ESS are terribly insecure and were even before CALEA compliance was required. Folks compromising telephony routing systems was a thing back in the early 1990's.
Story time. I worked as a telecom engineer for a while. One of our tasks was, whenever the telco would get a warrant, a small team of us at the office were tasked with turning up the surveillance features of our infra (dupe all CDR logs off to another system for chain of custody, log all of the SIP traffic from the specified subscribers to a separate set of logs on the same box for the same reason, basically trap-and-trace and pen register functionality updated for the early 00's (we had the capability of tapping and recording RTP traffic in realtime by abusing three way calling but were not asked to do it while I worked there)). About half the time we'd go into our back-end, and find taps already in place. A few times we took it to management, who kicked it up the food chain and were told flat out "Shut up, write up how you would have done it yourself, and just copy the data coming from what you found." So, we did. Never did find out who did it and why.
If you are interested in a subject, a video is the worst way to learn about it.