A new report by the Mobile Threat Mitigation Company Iveriffy claims that some of the most prominent mobile traffic interconnect providers used by the old and unnovated network protocols claim that hacking groups are allowing groups to reach mobile data as it blows from the country to the country. Maybe yours too.
To make it even worse, these providers are based in China. For Americans, anything related to China is often seen as bad, but the fact that these services are potential billions of customers, are real. Knowing that they have been compromised with them, many networks are terrible for security professionals.
I take a report from a company that makes profits from network safety with a grain of salt, but after reading the report completely, the claim matters the most.
What is a mobile interconnect provider?
To understand why it matters, you have to know what is being affected. A mobile interconnect provider actually seems to have – one thing that allows two or more different mobile networks to communicate with each other.
Suppose you have a verizon eats. You can send and get anything from another phone using a Verizon account in Verizon’s network, as long as both sides are in the service sector of Verizon.
If you are talking to someone on AT & T, or orange or a normal Verizon service sector (perhaps you are out of holiday), that traffic is to be rooted in various networks, so that it can reach that destination.
These interconnect providers use complex routing and control software to do this. Some, such as Chinese state -owned networks China Mobile, China Telecom, Citic Telecom, and PCCW Global Hong Kong, play a major role in rooting all this traffic and using software and protocols that are severely old and insecure.
There are no speculation of this. SS7 and Vyasa, under consideration network signaling protocols are many real -world examples, it has been exploited. A group with the ability to take advantage of this software can either access the authentication data, SMS messages, location and internet traffic in real time for active hazards or store it for passive hazards.
You are probably not a high-value target, yet your data is being potentially stored, so it can be used against you one day.
The report also states how it makes Chinese government -sponsored hacking groups to operate, but no evidence has been given; An attacker can be anywhere in the world and achieve access. These companies can be controlled by the Chinese state, but they can also suffer in all this. Afflicted with a means of making a change, though.
Your data is being potentially stored, so it can one day be used against you.
The United States stopped considering the Chinese interconnect providers as reliable under the Safe Network Act, so the American outbound traffic is not rooted through any company. But if you are talking to someone, then South Korea, or Bahamas, or even the intelligence of the five-eye intelligence, New Zealand, can send it to you.
What is all this for me?
This is the easy part, which is very good.
This means that you should never send anything to anyone unless it is end-to-end encrypted. Doing this can mean that anyone can take a look at it.
This means EverythingYour messages, your bank data, and especially SMS 2FA code from companies that do not care about your safety to use an alternative authentication method. Like my bank (and perhaps yours too).
I know that I am not enough, nor do I have enough money for any big hacking group. The fact is, you are probably the same. This does not mean that we should not care; One day, I can win mega million or be elected President.
We can only do what we can do when we can. The real enablers of such dirt will do whatever they can do.
