[VoiceOps] SS7

Jared Geiger jared at compuwizz.net
Thu Apr 21 18:27:42 EDT 2016


I haven't used SS7 in the voice world, only touched briefly on the
messaging side of it. Would hackers be able to do the same similar attack
via SIGTRAN? I would think it would be easier to get access to a poorly
managed SIGTRAN device which would then give you SS7 access.

Or even an Asterisk box running SS7 trunks.

On Thu, Apr 21, 2016 at 1:00 PM, Dan York <dyork at lodestar2.com> wrote:

> Joseph,
>
> I noticed that in Gmail (and perhaps other email systems), the longer
> reply I wrote for Kidd was hidden because it appeared after his text.
> Here's what I wrote...
>
> what's fascinating is the recent rise in end-to-end (e2e) encryption among
> IP-based communications platforms that include voice.
>
> WhatsApp, for instance, just completed the rollout of e2e encryption on
> April 5, and not just for messaging, but also for voice and video calls as
> well as file transfers (
> https://blog.whatsapp.com/10000618/end-to-end-encryption ).  Just
> yesterday the team behind Viber announced that they will soon have e2e
> encryption for all clients.  The app Wire ( http://wire.com ) also does
> e2e encryption for voice, video and group chats.
>
> In a US Congress hearing this week, a Congressman asked a Dept of Homeland
> Security representative if e2e encryption available in apps would have
> prevented this interception that happened via SS7. The DHS answer was that
> it would mitigate the interception of the content, although the location
> meta-data would still be available.  (You can view the exchange via the
> link in this tweet:
> https://twitter.com/csoghoian/status/722854012567969794 )
>
> The end result is that we're definitely moving to a space where the
> communication over IP-based solutions will wind up being far more secure
> than what we had before.
>
> Interesting times,
> Dan
>
> On Thu, Apr 21, 2016 at 3:45 PM, Joseph Jackson <jjackson at aninetworks.net>
> wrote:
>
>> I don’t know many places that encrypt their voice traffic.
>>
>>
>>
>>
>>
>>
>>
>> *From:* VoiceOps [mailto:voiceops-bounces at voiceops.org] *On Behalf Of *Dan
>> York
>> *Sent:* Thursday, April 21, 2016 2:45 PM
>> *To:* Kidd Filby
>> *Cc:* voiceops at voiceops.org
>> *Subject:* Re: [VoiceOps] SS7
>>
>>
>>
>> This is generally true if the calls are *unencrypted* on VoIP...
>>
>>
>>
>> On Thu, Apr 21, 2016 at 2:20 PM, Kidd Filby <kiddfilby at gmail.com> wrote:
>>
>>
>>
>> Also folks, don't forget, the same outcome of recording someone's call is
>> MUCH easier to accomplish once it is VoIP.  IMHO, of course.  ;-)
>>
>>
>>
>> ... BUT... what's fascinating is the recent rise in end-to-end (e2e)
>> encryption among IP-based communications platforms that include voice.
>>
>>
>>
>> WhatsApp, for instance, just completed the rollout of e2e encryption on
>> April 5, and not just for messaging, but also for voice and video calls as
>> well as file transfers (
>> https://blog.whatsapp.com/10000618/end-to-end-encryption ).  Just
>> yesterday the team behind Viber announced that they will soon have e2e
>> encryption for all clients.  The app Wire ( http://wire.com ) also does
>> e2e encryption for voice, video and group chats.
>>
>>
>>
>> In a US Congress hearing this week, a Congressman asked a Dept of
>> Homeland Security representative if e2e encryption available in apps would
>> have prevented this interception that happened via SS7. The DHS answer was
>> that it would mitigate the interception of the content, although the
>> location meta-data would still be available.  (You can view the exchange
>> via the link in this tweet:
>> https://twitter.com/csoghoian/status/722854012567969794 )
>>
>>
>>
>> The end result is that we're definitely moving to a space where the
>> communication over IP-based solutions will wind up being far more secure
>> than what we had before.
>>
>>
>>
>> Interesting times,
>>
>> Dan
>>
>>
>>
>> --
>>
>>
>>
>> Dan York
>>
>> dyork at lodestar2.com  +1-802-735-1624   Skype:danyork
>>
>> My writing -> http://www.danyork.me/
>>
>> http://www.danyork.com/
>>
>> http://twitter.com/danyork
>>
>
>
>
> --
>
> Dan York
> dyork at lodestar2.com  +1-802-735-1624   Skype:danyork
> My writing -> http://www.danyork.me/
> http://www.danyork.com/
> http://twitter.com/danyork
>
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20160421/ac250b41/attachment-0001.html>


More information about the VoiceOps mailing list