I haven't used SS7 in the voice world, only touched briefly on the messaging side of it. Would hackers be able to do the same similar attack via SIGTRAN? I would think it would be easier to get access to a poorly managed SIGTRAN device which would then give you SS7 access.
Or even an Asterisk box running SS7 trunks. On Thu, Apr 21, 2016 at 1:00 PM, Dan York <[email protected]> wrote: > Joseph, > > I noticed that in Gmail (and perhaps other email systems), the longer > reply I wrote for Kidd was hidden because it appeared after his text. > Here's what I wrote... > > what's fascinating is the recent rise in end-to-end (e2e) encryption among > IP-based communications platforms that include voice. > > WhatsApp, for instance, just completed the rollout of e2e encryption on > April 5, and not just for messaging, but also for voice and video calls as > well as file transfers ( > https://blog.whatsapp.com/10000618/end-to-end-encryption ). Just > yesterday the team behind Viber announced that they will soon have e2e > encryption for all clients. The app Wire ( http://wire.com ) also does > e2e encryption for voice, video and group chats. > > In a US Congress hearing this week, a Congressman asked a Dept of Homeland > Security representative if e2e encryption available in apps would have > prevented this interception that happened via SS7. The DHS answer was that > it would mitigate the interception of the content, although the location > meta-data would still be available. (You can view the exchange via the > link in this tweet: > https://twitter.com/csoghoian/status/722854012567969794 ) > > The end result is that we're definitely moving to a space where the > communication over IP-based solutions will wind up being far more secure > than what we had before. > > Interesting times, > Dan > > On Thu, Apr 21, 2016 at 3:45 PM, Joseph Jackson <[email protected]> > wrote: > >> I don’t know many places that encrypt their voice traffic. >> >> >> >> >> >> >> >> *From:* VoiceOps [mailto:[email protected]] *On Behalf Of *Dan >> York >> *Sent:* Thursday, April 21, 2016 2:45 PM >> *To:* Kidd Filby >> *Cc:* [email protected] >> *Subject:* Re: [VoiceOps] SS7 >> >> >> >> This is generally true if the calls are *unencrypted* on VoIP... >> >> >> >> On Thu, Apr 21, 2016 at 2:20 PM, Kidd Filby <[email protected]> wrote: >> >> >> >> Also folks, don't forget, the same outcome of recording someone's call is >> MUCH easier to accomplish once it is VoIP. IMHO, of course. ;-) >> >> >> >> ... BUT... what's fascinating is the recent rise in end-to-end (e2e) >> encryption among IP-based communications platforms that include voice. >> >> >> >> WhatsApp, for instance, just completed the rollout of e2e encryption on >> April 5, and not just for messaging, but also for voice and video calls as >> well as file transfers ( >> https://blog.whatsapp.com/10000618/end-to-end-encryption ). Just >> yesterday the team behind Viber announced that they will soon have e2e >> encryption for all clients. The app Wire ( http://wire.com ) also does >> e2e encryption for voice, video and group chats. >> >> >> >> In a US Congress hearing this week, a Congressman asked a Dept of >> Homeland Security representative if e2e encryption available in apps would >> have prevented this interception that happened via SS7. The DHS answer was >> that it would mitigate the interception of the content, although the >> location meta-data would still be available. (You can view the exchange >> via the link in this tweet: >> https://twitter.com/csoghoian/status/722854012567969794 ) >> >> >> >> The end result is that we're definitely moving to a space where the >> communication over IP-based solutions will wind up being far more secure >> than what we had before. >> >> >> >> Interesting times, >> >> Dan >> >> >> >> -- >> >> >> >> Dan York >> >> [email protected] +1-802-735-1624 Skype:danyork >> >> My writing -> http://www.danyork.me/ >> >> http://www.danyork.com/ >> >> http://twitter.com/danyork >> > > > > -- > > Dan York > [email protected] +1-802-735-1624 Skype:danyork > My writing -> http://www.danyork.me/ > http://www.danyork.com/ > http://twitter.com/danyork > > _______________________________________________ > VoiceOps mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/voiceops > >
_______________________________________________ VoiceOps mailing list [email protected] https://puck.nether.net/mailman/listinfo/voiceops
