We have written about the almost infinite possibilities for surveillance and malicious activity presented by flaws in the Signaling System 7 (SS7) protocol used by virtually all mobile networks worldwide. A security research firm recently demonstrated how the same exploit can be used to drain a Bitcoin wallet. Which certainly drives home the point about how easy subverting (otherwise reliable) security systems can be.
Last week, a report by Mathy Vanhoef of imec-DistriNet revealed a vulnerability in the WPA2 protocol used by virtually all Wi-Fi networks worldwide. The flaw allows hackers to perform a man-in-the-middle (MitM) attack and decrypt and read all Internet traffic going through the network. However, Secure Phone users should rest assured that their security is not compromised.
Is someone trying to hack your phone? The answer to this question is most likely “yes” – regardless of whether you are a person of particular interest to hackers or not. The average Joe may not be the CEO of a petroleum or pharmaceutical company, but there is still money to be made in hacking their device and extracting data. Here is how attackers do that.
Imagine a world in which a low-budget hackers can track your every move, listen to your calls, read your texts, drain your bank account, and so on. All of this without leaving their rooms, and from a continent away. Imagine no more. Due to vulnerabilities in the SS7 protocol, this is the world in which you live right now.
If you were an intelligence agency, your dream would be to monitor anyone, anywhere in the world, right? The inherent vulnerabilities of SS7, a protocol used by network operators around the globe, make this dream a reality. Cybercriminals have also exploited these flaws to drain bank accounts. Here is what you need to know about SS7 and how to keep your data safe.
There’s so much personal information stored on your smartphone, locking it is just as natural as locking your house or car. But just like any physical lock could be an easy job for a skillful burglar, stealing your PIN is easy for hackers. And they don’t even have to look over your shoulder.
It is common wisdom that passwords are a very ineffective method for authentication. They can be brute-forced or guessed in a dictionary attack. So why use a password to lock your phone? Because the lock pattern and the common four-digit PIN are way weaker. So, what is the most reliable way to lock a phone? Here’s a rundown of the methods and why you better stick with passwords.
Your phone knows an awful lot about you. Your location, your bank account, the names of all your contacts, the passwords to all your accounts… You name it. And different apps on it have access, and permissions, to transmit this data to God knows who. You may trust the manufacturer of your phone has put only software on it that respects your privacy. But what about third-party apps that have the same permissions? And what if you have no idea how these apps got on your phone?
In an age when people do more and more things on their smartphones, getting to a free Wi-Fi hotspot feels like finding an oasis in the middle of the desert. Who wouldn’t prefer to hop on a free network and browse the hell of the Internet without having to worry about a data limit? Well, just like anything else that’s free, wi-fi comes with a fine print. And its reads “data leaks.”
Nowadays, IMSI-catchers are pretty much vanilla surveillance. Such devices have been used by law enforcement and not-so-lawful adversaries alike to seize phone data for over a decade. Now, researchers have demonstrated how the same can be done over Wi-Fi. And it is also relatively easy.