THE VULNERABILITY IN IPHONE AND ANDROID

EXPLOITING THE VULNERABILITY IN IPHONE AND ANDROID
 

As a penetration tester and security researcher, I want to talk about SS7, a vulnerability that exists in iPhones and Android. People don’t know about it.
It can’t be patched. I don’t need to install malware on your phone before I collect data. Your phone number is enough. This is a form of radio penetration testing.
SS7, or Signaling System 7, is a set of telecommunication protocols used worldwide for handling phone calls and text messages. While SS7 serves a critical role in telecommunications, it has been known to have vulnerabilities that security researchers and malicious actors have exploited.
Governments and intelligence agencies had the power to intercept calls and exploit SS7, but now individuals with powerful tools have the capability to do that.



Hackers can read text messages, listen to phone calls and track mobile phone users’ locations with just the knowledge of their phone number using a vulnerability in the worldwide mobile phone network infrastructure.
The exploit centres on a global system that connects mobile phone networks, and can give hackers, governments or anyone else with access to it remote surveillance powers that the user cannot do anything about.

Here's some information on SS7 vulnerabilities, how they can be exploited, and steps to mitigate these risks:


Exploiting SS7 Vulnerabilities

1. SMS Interception: One significant vulnerability is SMS interception. Malicious actors can exploit SS7 to intercept and read SMS messages sent to a target's phone number. This can lead to privacy breaches and unauthorized access to sensitive information like two-factor authentication codes.

2. Call Interception: Another vulnerability allows attackers to intercept phone calls and listen in on conversations. This is a significant concern for privacy and security.

3. Location Tracking: SS7 can be exploited to track the physical location of a mobile device, potentially enabling stalking or unauthorized surveillance.

4. Call and Message Spoofing: Attackers can use SS7 to spoof phone numbers, making it appear as though calls or messages are coming from a trusted source.

5. Denial of Service (DoS): While less common, SS7 networks can be targeted with DoS attacks, disrupting telecommunications services and causing inconvenience or financial losses.

6. Fraudulent Activities: Criminals can use SS7 attacks to commit fraud, such as bypassing international call charges, making premium-rate calls, or conducting fraudulent financial transactions.

Hackers can transparently forward calls, giving them the ability to record or listen in to them. They can also read SMS messages sent between phones, and track the location of a phone using the same system that the phone networks use to help keep a constant service available and deliver phone calls, texts and data. 


I remember some years ago when I was in communication with my mother on the phone, the call was interrupted by another voice and immediately the call ended. Then I realized that something was wrong; I was even getting phone calls from people I don't know. So I decided to change my number, which I always do. I think it is safe.

Having more than one mobile phone is okay, but black-hat hackers can still hack you. Even using a VPN on your phone is not safe any more; black-hat hackers can still hack you through your phone number. Even if you decide to buy a foreign number, someone can still hack you.

The point is that every new technology has an atom of vulnerability and we are not safe in this world anymore. Now you might want to ask: what is the way forward?

The way forward is very simple: security caution and precaution.

Companies might have a strong security framework to protect your assets or data such as your PII (Personal Identification Information), emails, phone numbers, social media accounts, money and mobile bank apps, but you need to play your part by practising security caution and precaution.

How can you practise security caution and precaution?

Security caution is being careful in the midst of an incident, while security precaution is being careful in advance. So the following will help you:

1. Change your passwords annually or monthly

Always change your passwords on your mobile phone, emails, social media accounts and even your bank mobile app. This is one of the reasons why I created the Password Generator, which enables you to create a strong password. You can start generating a strong password now by clicking the link https://caretakerport.github.io/CATpassword/

2. Always check if your email has been compromised

Checking whether your email has been compromised is one of the best ways to practise security precaution, because you will be aware of an incident you might encounter in the future, or you can take immediate action by reporting it to the email provider. You can click the link https://haveibeenpwned.com/

3. Avoid using only one phone number

Yes, you read that right!

Using one particular phone number for all your phone calls and SMS is not safe, because your network provider somehow always upgrades its network interface and it's possible that your phone number might not have the new features after the upgrade. That means your phone number is using an old feature, which might make it easy for black-hat hackers to gain access to your phone information. Also, your phone number might be experiencing network failure while your neighbor's phone number is working on the same network you are using. Why? Because your phone number is using an old feature after your network has upgraded its network interface.

I am not saying that you should abandon your current phone number. But try not to depend only on that phone number. You can use one number to make calls today and another number tomorrow. That's perfect.

4. Be careful with what you discuss on the phone.

The phone is the best means of communication in the sense that you don't need to visit the person; you can tell the person your secret via phone call or SMS. But be careful what you discuss with the person on the phone or by SMS.

Credit: Nana Sei Anyemedu & Lieber Mathias
