<div dir="ltr">I haven't used SS7 in the voice world, only touched briefly on the messaging side of it. Would hackers be able to do the same similar attack via SIGTRAN? I would think it would be easier to get access to a poorly managed SIGTRAN device which would then give you SS7 access.<div><br></div><div>Or even an Asterisk box running SS7 trunks.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 21, 2016 at 1:00 PM, Dan York <span dir="ltr"><<a href="mailto:dyork@lodestar2.com" target="_blank">dyork@lodestar2.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Joseph,<div><br></div><div>I noticed that in Gmail (and perhaps other email systems), the longer reply I wrote for Kidd was hidden because it appeared after his text. Here's what I wrote...</div><span class=""><div><br></div><div><div>what's fascinating is the recent rise in end-to-end (e2e) encryption among IP-based communications platforms that include voice.</div><div> </div><div>WhatsApp, for instance, just completed the rollout of e2e encryption on April 5, and not just for messaging, but also for voice and video calls as well as file transfers ( <a href="https://blog.whatsapp.com/10000618/end-to-end-encryption" target="_blank">https://blog.whatsapp.com/10000618/end-to-end-encryption</a> ). Just yesterday the team behind Viber announced that they will soon have e2e encryption for all clients. The app Wire ( <a href="http://wire.com" target="_blank">http://wire.com</a> ) also does e2e encryption for voice, video and group chats.</div><div> </div><div>In a US Congress hearing this week, a Congressman asked a Dept of Homeland Security representative if e2e encryption available in apps would have prevented this interception that happened via SS7. The DHS answer was that it would mitigate the interception of the content, although the location meta-data would still be available. (You can view the exchange via the link in this tweet: <a href="https://twitter.com/csoghoian/status/722854012567969794" target="_blank">https://twitter.com/csoghoian/status/722854012567969794</a> )</div><div> </div><div>The end result is that we're definitely moving to a space where the communication over IP-based solutions will wind up being far more secure than what we had before.</div><div> </div><div>Interesting times,</div><div>Dan</div></div></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 21, 2016 at 3:45 PM, Joseph Jackson <span dir="ltr"><<a href="mailto:jjackson@aninetworks.net" target="_blank">jjackson@aninetworks.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546a">I don’t know many places that encrypt their voice traffic.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546a"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546a"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546a"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> VoiceOps [mailto:<a href="mailto:voiceops-bounces@voiceops.org" target="_blank">voiceops-bounces@voiceops.org</a>]
<b>On Behalf Of </b>Dan York<br>
<b>Sent:</b> Thursday, April 21, 2016 2:45 PM<br>
<b>To:</b> Kidd Filby<br>
<b>Cc:</b> <a href="mailto:voiceops@voiceops.org" target="_blank">voiceops@voiceops.org</a><br>
<b>Subject:</b> Re: [VoiceOps] SS7<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">This is generally true if the calls are *unencrypted* on VoIP... <u></u><u></u></p><div><div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Thu, Apr 21, 2016 at 2:20 PM, Kidd Filby <<a href="mailto:kiddfilby@gmail.com" target="_blank">kiddfilby@gmail.com</a>> wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Comic Sans MS""><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Comic Sans MS"">Also folks, don't forget, the same outcome of recording someone's call is MUCH easier to accomplish once it is VoIP. IMHO, of course. ;-)<u></u><u></u></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">... BUT... what's fascinating is the recent rise in end-to-end (e2e) encryption among IP-based communications platforms that include voice.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">WhatsApp, for instance, just completed the rollout of e2e encryption on April 5, and not just for messaging, but also for voice and video calls as well as file transfers (
<a href="https://blog.whatsapp.com/10000618/end-to-end-encryption" target="_blank">https://blog.whatsapp.com/10000618/end-to-end-encryption</a> ). Just yesterday the team behind Viber announced that they will soon have e2e encryption for all clients. The app Wire (
<a href="http://wire.com" target="_blank">http://wire.com</a> ) also does e2e encryption for voice, video and group chats.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">In a US Congress hearing this week, a Congressman asked a Dept of Homeland Security representative if e2e encryption available in apps would have prevented this interception that happened via SS7. The DHS answer was that it would mitigate
the interception of the content, although the location meta-data would still be available. (You can view the exchange via the link in this tweet: <a href="https://twitter.com/csoghoian/status/722854012567969794" target="_blank">https://twitter.com/csoghoian/status/722854012567969794</a>
)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">The end result is that we're definitely moving to a space where the communication over IP-based solutions will wind up being far more secure than what we had before.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Interesting times,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Dan<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal">-- <u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#888888"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#888888">Dan York<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#888888"><a href="mailto:dyork@lodestar2.com" target="_blank"><span style="color:#0000cc">dyork@lodestar2.com</span></a> <a href="tel:%2B1-802-735-1624" value="+18027351624" target="_blank">+1-802-735-1624</a> Skype:danyork<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#888888">My writing ->
<a href="http://www.danyork.me/" target="_blank">http://www.danyork.me/</a><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#888888"><a href="http://www.danyork.com/" target="_blank"><span style="color:#0000cc">http://www.danyork.com/</span></a><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#888888">http://<a href="http://twitter.com/danyork" target="_blank"><span style="color:#0000cc">twitter.com/danyork</span></a><u></u><u></u></span></p>
</div>
</div>
</div>
</div></div></div>
</div>
</div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div style="font-size:13px;color:rgb(136,136,136);font-family:arial,sans-serif"><br></div><div style="font-size:13px;color:rgb(136,136,136);font-family:arial,sans-serif">Dan York</div><div style="font-size:13px;color:rgb(136,136,136);font-family:arial,sans-serif"><a href="mailto:dyork@lodestar2.com" style="color:rgb(0,0,204)" target="_blank">dyork@lodestar2.com</a> <a value="+18027351624" style="color:rgb(0,0,204)">+1-802-735-1624</a> Skype:danyork</div><div style="font-size:13px;color:rgb(136,136,136);font-family:arial,sans-serif">My writing -> <a href="http://www.danyork.me/" target="_blank">http://www.danyork.me/</a></div><div style="font-size:13px;color:rgb(136,136,136);font-family:arial,sans-serif"><a href="http://www.danyork.com/" style="color:rgb(0,0,204)" target="_blank">http://www.danyork.com/</a></div><div style="font-size:13px;color:rgb(136,136,136);font-family:arial,sans-serif">http://<a href="http://twitter.com/danyork" style="color:rgb(0,0,204)" target="_blank">twitter.com/danyork</a></div></div>
</div>
</div></div><br>_______________________________________________<br>
VoiceOps mailing list<br>
<a href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
<br></blockquote></div><br></div>