
WhatsApp’s End-to-End Encryption Prone to SS7 Vulnerabilities

WhatsApp’s recent adoption of end-to-end encryption was a big deal in the cyber security community. However, research conducted by Positive Technologies reveals that the end-to-end encryption in services such as WhatsApp and Telegram is vulnerable. More specifically, researchers have found vulnerabilities in the Signalling System 7 (SS7) network.

It’s a known fact that one-time codes via SMS are insecure, because mobile communication is insecure. Both the SS7 network and air interface encryption algorithms suffer from vulnerabilities. Attacks on SS7 may be conducted from anywhere, and hackers may choose other targets apart from messengers. It is worth noting that all the tests were performed with default settings, i.e. the mode most users apply.

As you perhaps know, SMS authentication is applied as security verification in various messaging services like WhatsApp. This authentication is routed via SS7 signalling. According to researchers, one-time codes via SMS are unsafe, because mobile communication also is. In fact, not only the SS7 network is vulnerable but also air interface encryption algorithms. Moreover, attacks on SS7 can be initiated from anywhere. Besides messengers, malicious actors may target other services, too.


How Was the Research Conducted?

That said, it’s important to note that Positive Technologies’ research was conducted with default settings, which is the mode used by most users. A test account was set up in Telegram and several messages were exchanged. Then an SS7 attack was carried out on the test numbers via identification of IMSI (International Mobile Subscriber Identity).

After entering the code, full access is obtained to the Telegram account, including the ability to write messages on behalf of the victim as well as read all the correspondence.

According to the company, mobile operators should improve signaling security and make it harder for attackers to intercept communications. In addition, WhatsApp and similar services should apply another layer of verification of the user’s identity.
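The extra verification layer recommended above, as an added sketch that is not code from Positive Technologies, WhatsApp or Telegram: a registration check in which an intercepted SMS code alone cannot take over an existing account. The account store, function names, PIN scheme and lockout threshold are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ACCOUNTS = {}          # hypothetical in-memory store: phone number -> record
MAX_PIN_FAILURES = 5   # assumed lockout threshold


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # Salted, slow hash so a leaked store does not expose short PINs directly.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def enroll(phone: str, pin: str) -> None:
    """Owner sets a registration PIN once the account exists."""
    salt = os.urandom(16)
    ACCOUNTS[phone] = {"salt": salt, "pin": _pin_hash(pin, salt), "failures": 0}


def register_device(phone, sms_code, expected_code, pin=None) -> str:
    """Decide whether a new device may take over the account for `phone`."""
    # Factor 1: SMS one-time code. Anyone who can read the SMS passes this.
    if not hmac.compare_digest(sms_code.encode(), expected_code.encode()):
        return "denied: bad sms code"
    acct = ACCOUNTS.get(phone)
    if acct is None:
        return "ok: new account"
    if acct["failures"] >= MAX_PIN_FAILURES:
        return "denied: locked"
    # Factor 2: a secret that never travels over the mobile network.
    supplied = _pin_hash(pin or "", acct["salt"])
    if pin is None or not hmac.compare_digest(supplied, acct["pin"]):
        acct["failures"] += 1
        return "denied: pin required"
    acct["failures"] = 0
    return "ok: device registered"


if __name__ == "__main__":
    enroll("+15550100", "4921")  # constructed number and PIN
    print(register_device("+15550100", "730112", "730112"))          # SMS code only
    print(register_device("+15550100", "730112", "730112", "4921"))  # code + PIN
```

A real service would throttle PIN attempts over time instead of locking permanently, since someone who can intercept the SMS could otherwise lock the owner out.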

What Do Mobile Operators and WhatsApp, Telegram Say?

SC Magazine UK has already approached WhatsApp and Telegram, together with all the major mobile operators in the United Kingdom. For now, none has replied with a comment.

However, Jacob Ginsberg, who is senior director at Echoworx, has told the magazine that a logical next step for users is to “double check their settings to find out if they are being notified of any changes to their keys or authentication”.

Milena Dimitrova


An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim


1 Comment
  1. MP5A5

    What else is new. The only sure way is the old way. 1 time pads or the like. The only thing off the top of my head would be using a live or virtual Linux distro such as Tails, running it routed through i2p, proxychained or Tor but then that pesky MIT bug and all pgp and memory wipe, even then disable camera, mic and all non essentials taking it further run it on a mini sdcard and wammo eat the damn thing. A paraphrasing of a quote from I think Jefferson or Jackson?:
    “When the Government fears the people there is freedom, when the citizens fear the Government Tyranny” – we are in the middle harboring along the razor's edge.

