Tag Archive for Ron Wyden

COVID Cover for Power Grab to End Encryption

Just in time for Independence Day, Republican Senator Lindsey Graham (SC) led the U.S. Senate to approve the EARN IT Act. The bill could end encryption and free speech as we know it online. The EFF explains…

The bill will create a new government commission, dominated by law enforcement agencies, and give it unprecedented power over websites both large and small. Attorney General Bill Barr and the DOJ have demanded for years that messaging services give the government special access to users’ private messages. If EARN IT passes, Barr will finally get his wish—law enforcement agencies will be able to scan every message sent online. The EARN IT Act (S. 3398) is anti-speech, anti-security, and unnecessary.

The legislation is intentionally vague. The legislation gives this new commission unprecedented power. It can demand websites share nearly any information or do nearly anything it wants. It effectively makes encryption and protecting your privacy illegal.

Do something this Fourth of July!

1.  Sign the Action Network petition to tell Congress: “Don’t kill online encryption! Reject the dangerous EARN IT Act.”

2.  Call 1 (813) 213-3989. You’ll be connected to your members of Congress so you can tell them: Vote NO on the EARN IT Act, and any attempt to spy on our digital communications.

In the midst of America closing up shop in fear over the COVID-19 pandemic, the U.S. government is not shutting down. Why? Perhaps they figure that most of us are too preoccupied with toilet paper hoarding and missing March Madness. They figure they can sneak in additional restrictions on our freedoms.

Casey Newton at the Verge is tracking the Eliminating Abusive and Rampant Neglect of Interactive Technologies (“EARN IT”) Act (S. 3398). The EARN IT bill was the subject of a Senate hearing on 03/12/2020. The EARN IT Act was introduced by the self-quarantined Trump supporter, Republican Sen. Lindsey Graham. The premise of the bill is that technology companies have to earn Section 230 protections. This changes decades of precedent. The bill says tech firms have to earn Section 230 protections by complying with the politicians, rather than being granted immunity by default by the Communications Decency Act.

EARN IT Act designed to hobble encryption

Experts believe that the bill is the latest effort by the government to destroy online free speech and security. It is designed to hobble encryption in the guise of child protection. Today, it is disguised as “Lawful access” in the U.S. government’s latest push against end-to-end encryption. CNet defines end-to-end encryption as a security technology that encodes your sensitive data, such as passwords and financial and health information stored on your devices. Encryption protects your data from being viewed by employees of the company providing the service, and by governments looking to spy on citizens.

The bill calls for tech companies to create an opening in their own encryption, an opening that only law enforcement agencies could use for investigations. The Feds have a long history of attacking encryption online. CNet explains that in 2017, the Justice Department called it “responsible encryption.” The feds wanted tech firms to provide encryption for everyone, but only if they hand over a special key that governments could use to snoop on communications. The FBI calls it the “Going Dark” problem. They claim investigations can hit a dead end because of encryption. Prosecutors have asked for backdoors to encryption. The Justice Department has called it “warrant-proof encryption.” The DoJ argues that encryption hinders law enforcement from keeping track of criminals or gathering evidence.

Protections under the First Amendment

Mr. Newton points out that it’s not clear that companies have to “earn” what are already protections provided under the First Amendment to publish and to allow their users to publish, with very few legal restrictions. But if the EARN IT Act were passed, tech companies could be held liable if their users posted illegal content. This would represent a significant and potentially devastating amendment to Section 230, a much-misunderstood law that is considered a pillar of the internet and the $26 Trillion businesses that operate on top of it.

The EARN IT Act would require tech firms to adhere to a bureaucratic set of “best practices.” The “best practices” would be drawn up by a newly created national commission. They would have to be approved by the attorney general, homeland security, and the chairman of the FTC.

One of the “best practices” could be eliminating end-to-end encryption. That would deprive the world of a secure communications tool at a time when authoritarian governments are surging around the world. If the tech firms failed to eliminate end-to-end encryption, they could lose legal protection under Section 230.

Graham plan to weaken encryption

There is little doubt they plan to weaken encryption. Graham says:

Facebook is talking about end-to-end encryption which means they go blind … We’re not going to go blind and let this abuse go forward in the name of any other freedom.

Berin Szoka, president of think tank TechFreedom said,

DOJ could effectively ban end-to-end encryption.

Encryption backdoor

The problem with lawful access is that the backdoor or key created for governments would essentially create an opening for everyone. The Feds have already proven they can’t keep their secrets secret, as EternalBlue, Vault7 and Snowden have proved.

Sophos Naked Security blog spoke to Riana Pfefferkorn, Associate Director of Surveillance and Cybersecurity from The Center for Internet and Society at Stanford Law School, about EARN IT. Her analysis says the proposed bill contains no tools to actually stop online child abuse. The bill would actually make it much harder to prosecute pedophiles. She explained that as it now stands, online providers including Apple, Facebook and Google proactively, and voluntarily, scan for child abuse images.

The keyword is “voluntarily,” Ms. Pfefferkorn says. Those platforms are all private companies, as opposed to government agencies, which are required by Fourth Amendment protections against unreasonable search to get warrants before they search our digital content.

The reason that private companies like Facebook can, and do, do exactly that is that they are not the government, they’re private actors, so the Fourth Amendment doesn’t apply to them.

Agents of the state

Turning the private companies that provide those communications into “agents of the state” would, ironically, result in courts’ suppression of evidence of the child sexual exploitation crimes targeted by the bill, she said.

That means the EARN IT Act would backfire for its core purpose, while violating the constitutional rights of online service providers and users alike.

rb-

The U.S. Department of Defense has explained that it depends on encryption to protect its employees and sensitive data.

Senator Ron Wyden, a Democrat from Oregon, criticized the bill for its potential effects on encryption.

This bill is a transparent and deeply cynical effort by a few well-connected corporations and the Trump administration to use child sexual abuse to their political advantage, the impact to free speech and the security and privacy of every single American be damned.

I am not a fan of Facebook, but they do provide millions of reports to the National Center for Missing & Exploited Children every year. Sadly the amount of action taken by the Feds isn’t quite the same. It is due to a lack of resources and funding from the federal government, according to a New York Times report.

A better way to address the issue would be to give law enforcement more resources. Sen. Wyden argues that the EARN IT Act is a distraction from the Justice Department’s lack of funding and resources to handle online child exploitation.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

What is SS7?

– Updated 10/25/2018 – The NYT is reporting that China and Russia are spying on Trump via his unsecured iPhone. NYT says that through intercepted calls, likely related to SS7, the Chinese have pieced together a list of the people with whom Mr. Trump regularly speaks in hopes of using them to influence the president, the officials said. Among those on the list are Stephen A. Schwarzman, the Blackstone Group CEO, and Steve Wynn, the former Las Vegas casino magnate.

A number of outlets are speculating that the Chinese are using the known SS7 flaw to spy on the president’s iPhone. I have written about the problems with SS7 a number of times since 2016 and now the chicken has come home to roost.

Trump recently bragged that he gave the North Korean dictator his personal cell number. If that is true, he has created a major national security exposure. Karsten Nohl, chief scientist at the firm Security Research Labs, who researches cell network attacks, told Wired, “Absolutely that is a problem.” He says hackers can abuse flaws in Signaling System 7 to listen in on someone’s phone calls, intercept their text messages, and track their location.

If North Korean intelligence isn’t already tracking Trump’s phones through malware, a direct phone number could give them a way in. The SS7 attacks can give hackers relatively easy access to calls and texts, and location data. Wired points out that North Korea has proven itself as an adversary willing to hack and manipulate systems around the world for its financial or intelligence gain—it was responsible both for the 2014 hack of Sony and 2017’s WannaCry ransomware outbreak – SS7 hacking is likely no exception.

The telecom industry and U.S. government have done very little to plug the SS7 hole. Senator Ron Wyden, a Democrat from Oregon and a senior member of the Senate Select Committee on Intelligence, has been tracking the SS7 issue for several years. He has sent letters to FCC Chairman Ajit Pai, asking for answers on SS7 security and details about how many network providers have been breached through SS7. Mr. Wyden wrote, “I’ve spent the past year fighting to reveal what a terrible job the telephone companies and FCC are doing at protecting Americans from being spied on, tracked, or scammed.”


Mr. Wyden said he had been told by a big-name mobile network that malicious attackers are believed to have used SS7 to obtain US customer data. DHS confirmed reports of “nefarious” types leveraging SS7 to spy on American citizens by targeting their calls, text messages, and other information.

So what is SS7?

The Signaling System 7 (SS7) network is fundamental to cellphone operations, but its security design relies entirely on trust. The protocol does not authenticate messages; anyone with access to SS7 can send a routing message, and the network will act on it. Now that SS7 network operators are opening the SS7 network to third-party access, vulnerabilities are being exposed and attacked, initially by governments and now by criminals.

Since 1975, over 800 telecommunications companies around the world have used SS7 to ensure their networks interoperate. SearchNetworking.com defines the Signaling System 7 (SS7) as an international telecommunications standard that describes how network elements in a public switched telephone network (PSTN) exchange information over a digital signaling network.

SS7 control messages

SS7 control messages contain routing, congestion, and authentication information.

  • Routing – How do I send a call to 313-555-1234?
  • Congestion – What to do if the route to a network point is crowded.
  • Authentication – Confirms that the caller is a valid subscriber and lets the call setup continue.

They explain that SS7 consists of a set of reserved or dedicated channels known as signaling links. There are three kinds of network points, called signaling points:

  • Service Switching Points (SSPs) originate or terminate a call and communicate with SCPs to determine how to route a call or set up and manage some special feature.
  • Signal Transfer Points (STPs) are packet switches that route traffic on the SS7 network.
  • Service Control Points (SCPs). SCPs and STPs are usually mated so that service can continue if one network point fails.

SS7 out-of-band signaling (control) information travels on a separate, dedicated 56 or 64 Kbps channel and not within the same channel as the telephone call. Historically, the signaling for a telephone call has used the same voice circuit that the telephone call traveled on. Using SS7, telephone calls can be set up more efficiently and special services such as call forwarding and wireless roaming service are easier to add and manage. SS7 is used for:

  • Setting up and managing the connection for a call,
  • Tearing down the connection when the call is complete,
  • Billing,
  • Managing features such as:
    • Call forwarding,
    • Calling party name and number display,
    • Three-way calling,
    • Toll-free (800 and 888) and toll (900) calls,
    • 911 emergency service calls in the US, and
    • Other Intelligent Network (IN) services.
  • Wireless as well as wireline call service including:
    • Mobile telephone subscriber authentication,
    • Personal communication service (PCS),
    • Roaming, and
    • SMS messages.

Within SS7, SMS messages are sent on the same channels and infrastructure as SS7 uses to control the core of the telephone networks.

When an SMS message is sent from an SMS-capable cell phone, the message is handled no differently than a normal call setup: it moves from the cell phone to a base station to a Mobile Switching Center (MSC).

From the mobile switching center, the SMS message moves inside the SS7 network to the Short Messaging Service Center (SMSC), a standard part of the network. The SMSC queries the Home Location Register (HLR) to find out where the recipient of the message is and whether he or she is switched on to receive a message. If not, the SMSC stores the message until it can be delivered.

Mobile Switching Center (MSC) — The MSC is the equivalent of the local switch inside the mobile network. It provides very similar services to a switch, but uses virtual circuits over radio channels instead of physical voice circuits. One variation on the MSC is the Gateway Mobile Switching Center (GMSC) which routes calls into and out of the network and will not have phones locally registered.

Visitor Location Register (VLR) — The VLR is the database attached to an MSC that keeps track of all the phones currently “registered” to it, informing other nodes of status changes, and checking authentication information.

Short Message Service Center (SMSC) — The SMSC is the clearinghouse for SMS messages on an SS7 network and provides store-and-forward services.

Home Location Register (HLR) — HLR is a core database that keeps track of subscribers. It contains information on the current account status and provides authorization information for billing. When a call or SMS is trying to reach a subscriber, this is the node that is queried to find out where in the network that subscriber actually is.
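To make the trust problem concrete, here is a toy Python model of the SMS path described above: the SMSC asks the HLR where the subscriber is and delivers there. It is an added example, not code from the original post or from any telecom product. The class names, operator names, and the origin allow-list filter are assumptions for illustration, and real SS7 uses binary signaling messages, not Python objects.

```python
"""Toy model of SMS routing over SS7 (constructed, not real SS7 encoding)."""
from dataclasses import dataclass, field


@dataclass
class MSC:
    """Mobile Switching Center: the switch a phone is currently registered to."""
    name: str
    network: str
    inbox: list = field(default_factory=list)


class HLR:
    """Home Location Register: records which MSC currently serves each subscriber."""

    def __init__(self, allowed_origins=None):
        self.location = {}                      # subscriber number -> MSC name
        # None reproduces the trust-everyone design described in the post.
        # A set of operator names models a simple signaling filter (assumption).
        self.allowed_origins = allowed_origins
        self.rejected = []                      # audit trail of refused updates

    def update_location(self, number, msc_name, origin):
        """Handle an unauthenticated 'subscriber is now at this MSC' message."""
        if self.allowed_origins is not None and origin not in self.allowed_origins:
            self.rejected.append((number, msc_name, origin))
            return False
        self.location[number] = msc_name
        return True

    def lookup(self, number):
        return self.location.get(number)


class SMSC:
    """Short Message Service Center: store-and-forward for SMS."""

    def __init__(self, hlr, mscs):
        self.hlr = hlr
        self.mscs = {m.name: m for m in mscs}
        self.stored = []                        # messages waiting for delivery

    def submit(self, number, text):
        """Ask the HLR where the subscriber is, then deliver or store."""
        msc_name = self.hlr.lookup(number)
        if msc_name is None:
            self.stored.append((number, text))
            return None
        self.mscs[msc_name].inbox.append((number, text))
        return msc_name


def run_scenario(filtered):
    """Send one bank SMS after a location update arrives from another network."""
    home = MSC("home-msc", "home-operator")          # hypothetical names
    other = MSC("rogue-msc", "foreign-operator")
    hlr = HLR(allowed_origins={"home-operator"} if filtered else None)
    smsc = SMSC(hlr, [home, other])
    subscriber = "313-555-1234"                      # number used in the post

    hlr.update_location(subscriber, home.name, origin="home-operator")
    # Nothing in the message proves the subscriber really moved.
    accepted = hlr.update_location(subscriber, other.name, origin="foreign-operator")
    delivered_to = smsc.submit(subscriber, "one-time code 000000 (constructed)")
    return {
        "update_accepted": accepted,
        "delivered_to": delivered_to,
        "home_inbox": len(home.inbox),
        "other_inbox": len(other.inbox),
        "rejected": len(hlr.rejected),
    }


if __name__ == "__main__":
    print("no filter:  ", run_scenario(filtered=False))
    print("with filter:", run_scenario(filtered=True))
```

A single allow-list is a simplification; the point is that without any check the HLR's answer, and therefore the SMS, follows whoever spoke last.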

SS7 Architecture

rb-

Mr. Nohl told Motherboard SS7 is, “probably the weakest link in our digital protection chain.” CTIA, the telecom lobbying arm, denies there is a problem with SS7. CTIA told DHS that the SS7 flaws are “perceived shortcomings.” They also said that talking about SS7 attacks is “unhelpful.” CTIA, practicing “security through obscurity,” claimed that talking about the issues may help hackers. 

This is a mess. Contact your senator and representative in D.C. and tell them to support Senator Wyden’s efforts to force the FCC to deal with the SS7 flaws.


Scary SS7 Flaw Strikes Banks

Lost in last month’s hubbub over WannaCry ransomware was the revelation that hackers had successfully exploited the SS7 “flaw” in January 2017. In May reports surfaced that hackers were able to remotely pilfer German bank accounts by taking advantage of vulnerabilities in Signaling System 7 (SS7). SS7 is a standard that defines how the public phone system talks to itself to complete a phone call.

The high-tech heist was initially reported by the German newspaper Süddeutsche Zeitung (auf Deutsch). The attack was a sophisticated operation that combined targeted phishing emails and SS7 exploits to bypass two-factor authentication (2FA) protection. This is the first publicly known exploit of SS7 to intercept two-factor authentication codes sent by a bank to confirm actions taken by online banking customers.

How hackers get in

According to Ars Technica, the attack began with traditional bank-fraud trojans. These trojans infect account holders’ computers and steal the passwords used to log in to bank accounts. From there, attackers could view account balances, but were prevented from making transfers without the one-time password the bank sent as a text message. After stealing the necessary login details via phishing emails, the perpetrators leveraged the SS7 flaw to intercept the associated mTAN (mobile transaction authentication numbers) authentication codes sent to the victims — messages notifying them of account activity — to validate the transactions and remain hidden, investigators say.

German telecommunications giant O2-Telefonica confirmed details of the SS7-based cyberattacks to the newspaper. Ars says that in the past, attackers have obtained mTANs by obtaining a duplicate SIM card that allows them to take control of the bank customer’s phone number. SS7-facilitated compromises, by contrast, can be done remotely on a much larger quantity of phone numbers.

O2 Telefonica confirmed to Help Net Security that the attackers were able to gain access to the network of a foreign mobile network operator in January 2017. The attackers likely purchased access to the foreign telecommunications provider – this can apparently be done for less than 1,000 euros – and set up call and SMS forwarding.

Two-factor authentication

Two-factor authentication (2FA) is a security process in which the user provides two authentication factors to verify they are who they say they are. 2FA provides an extra layer of security and makes it harder for attackers to gain access to a person’s devices and online accounts because knowing the victim’s password alone is not enough to pass the authentication check. Two-factor authentication has long been used to control access to sensitive systems and data, and online services are increasingly introducing 2FA to prevent their users’ data from being accessed by hackers who have stolen a password database or used phishing campaigns to get users’ passwords.

News of the incident prompted widespread concern online. Security advocates railed against the popular and continuous use of text messages to authenticate account information while growing evidence suggests that SS7 is an unsafe channel to deliver such data. Security experts told Ars that the same SS7-centric hacking techniques used against German banks will become increasingly prevalent in the future, forcing organizations to reconsider how they authenticate user activity.

The end of 2FA?

Cris Thomas, a strategist at Tenable Network Security warns in the article:

While this is not the end of 2FA, it may be the end of 2FA over SS7, which comprises a majority of 2FA systems … Vulnerabilities in SS7 and other cellular protocols aren’t new. They have been presented at security conferences for years … there are other more secure protocols available now that systems can switch to…

Cybersecurity researchers began issuing warnings in late 2014 about dangerous flaws in SS7. I wrote about the SS7 flaw in September of 2016 and in March 2017. Maybe this will be the wake-up call for the carriers. One industry insider quipped:

This latest attack serves as a warning to the mobile community about what is at stake if these loopholes aren’t closed … The industry at large needs to go beyond simple measures such as two-factor authentication, to protect mobile users and their data, and invest in more sophisticated mobile security.

SS7 allows voice networks to interoperate

In 2014 security researchers first demonstrated that SS7 could be exploited to track and eavesdrop on cell phones. This new attack is essentially a man-in-the-middle attack on cell phone communications. It exploits the lack of authentication in the communication protocols that run on top of SS7.

SS7 was developed in 1975, and today over 800 telecommunications companies around the world, including AT&T (T) and Verizon (VZ), use it. This technology has not kept up with modern times. In May 2017, Wired published an article that explains some of the ways to secure SS7. Overcoming SS7 insecurity requires implementing a series of firewalls and filters that can stop the attacks. Researchers Wired spoke to suggest that adding encryption to SS7 would shield network traffic from prying eyes and bolster authentication. Both of these changes are unpopular with the carriers because they cost money and can impact the network core, so don’t expect any network changes to address the SS7 flaw anytime soon.

The Register reports that the FCC’s Communications Security, Reliability and Interoperability Council found that the proposed replacement for SS7 on 5G networks, dubbed the Diameter protocol, has security holes too.

In March 2017, Oregon Sen. Ron Wyden and California Rep. Ted Lieu sent a letter to Homeland Security’s John Kelly requesting that DHS investigate and provide information about the impact of SS7 vulnerabilities to U.S. companies and governmental agencies. Kelly has not responded to the letter, according to the Wired article.

Of course, the TLA’s would never use this “flaw” in SS7 to spy on us.

What can you do?

The Guardian says that given that the SS7 vulnerabilities reside on systems outside of your control, there is very little you can do to protect yourself beyond not using the services.

For text messages, they recommend avoiding SMS and instead using encrypted messaging services such as Apple’s (AAPL) iMessage, Facebook’s (FB) WhatsApp or the many others available. These allow you to send and receive instant messages without having to go through the SMS network, protecting your messages from surveillance.

For calls, the Guardian recommends using a service that carries voice over data and not through the voice network. This will help prevent your calls from being snooped on. Messaging services including WhatsApp permit calls. Silent Circle’s end-to-end encrypted Phone service or the open-source Signal app also allow secure voice communications.

Your location could be being tracked at any stage when you have your mobile phone on. The only way to avoid it is to turn off your phone or turn off its connection to the mobile phone network and rely on Wi-Fi instead.


Your Mobile is Leaking SS7

There is a vulnerability in the global phone system. The flaw allows hackers to access telephone data using nothing but a phone number. The flaw is in the Signaling System 7 (PDF) or SS7. SS7 is a set of telephony signaling protocols that exchanges information on telephone networks.

The Register points out that SS7 signaling technology was developed in the 1970s. It hasn’t been updated since the systems became accessible over the internet. The weakness in SS7 allows hackers or TLA’s to exploit the vulnerability with the phone number of the user they’re targeting. The flaw allows them to listen to phone calls, read text messages and track the user’s location.

The SS7 flaw

A white paper (PDF) by independent cyber-security company Positive Technologies explains:

The process of placing voice calls in modern mobile networks is still based on SS7 technology which dates back to the 1970s. At that time, safety protocols involved physical security of hosts and communication channels, making it impossible to obtain access to an SS7 network through a remote unauthorized host. In the early 21st century, a set of signaling transport protocols called SIGTRAN were developed. SIGTRAN is an extension to SS7 that allows the use of IP networks to transfer messages.

However, even with these new specifications, security vulnerabilities within SS7 protocols remained. As a result, an intruder is able to send, intercept and alter SS7 messages by executing various attacks against mobile networks and their subscribers.

The real-world result of the SS7 flaw, as Alex Mathews, technical manager EMEA of Seoul Korea-based Positive Technologies, explained, is:

Chat applications such as WhatsApp, Telegram, and others use SMS verification based on text messages using SS7 signaling to verify the identity of users/numbers.

SMS authentication is one of the major security mechanisms for services like WhatsApp, Viber, Telegram, Facebook (FB), and is also part of second-factor authentication for Google (GOOG) accounts, etc. Devices and applications send SMS messages via the SS7 network to verify identity, and an attacker can easily intercept these and assume the identity of the legitimate user. Having done so, the attacker can read and write messages as if they are the intended recipient.

If chat history is stored on the server, this information can also be retrieved.

60 Minutes hacks SS7

The hack first came to light in 2014. Security researcher Karsten Nohl demonstrated the SS7 flaw at a convention in Germany according to FierceWireless. CBS 60 Minutes (rb- That’s still on?) caused a mild ripple after they ran a story on the flaw. The program engaged Mr. Nohl to demonstrate the vulnerability. He was able to track a new iPhone that had been given to U.S. Rep. Ted Lieu (D-CA).

Mr. Lieu, who holds a degree in computer science from Stanford, agreed to use the phone to talk to his staff knowing it would be hacked. From his office in Berlin, Mr. Nohl was able to access Rep. Lieu’s phone. He tracked the representative’s movements in Los Angeles, read messages, and recorded phone calls between Representative Lieu and his staff.

CBS correspondent Sharyn Alfonsi contacted representatives from CTIA for comment on the story. The CTIA said that there have been reports of SS7-related security breaches abroad. She stated, “… but (they) assured us that all U.S. cellphone networks were secure.” That is despite the fact that Mr. Lieu was on a U.S. network when his phone was hacked from Germany.

An open secret

The flaw “is an open secret among the world’s intelligence agencies — including ours — and they don’t necessarily want that hole plugged,” Ms. Alfonsi reported. The four major U.S. wireless operators declined to discuss more specific questions from FierceWireless. When asked whether the flaw may threaten the privacy and security of subscribers, AT&T (T) and Verizon (VZ) deferred to CTIA. Sprint (S) and T-Mobile (TMUS) declined to discuss SS7.

Representative Lieu has called for a congressional investigation of the vulnerabilities in SS7. He wrote that “The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S. government officials.” Lieu said the investigation should be conducted by the House Oversight and Government Reform Committee, of which he is a member.

Investigate the flaws in SS7

The Register reports that Senator Ron Wyden (D-OR) recently joined Representative Lieu to investigate the flaws in SS7. The pair plan to send an open letter [PDF] to Homeland Security. They want an update from Secretary John Kelly on DHS’s progress in addressing the SS7 design shortcomings. It also asks why the agency isn’t doing more to alert the public about the issue. The letter states in part:

We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones. … We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance.

 rb-

It is important to understand that the wired and wireless telephone networks that your phone connects to are not secure. They probably never will be.

Telephone networks were not designed to be secure.

The most recent draft of the new Digital Identity Guidelines requirements from NIST warns that:

Note: Out-of-band authentication using the PSTN (SMS or voice) is discouraged and is being considered for removal in future editions of this guideline.

You really have to wonder if this is related to the SS7 hole and why it is only being considered for removal. Maybe some of its TLA friends want the hole to stay in place.

I previously covered the SS7 flaw implications to SMS here.
