SMS intercept, hi-jack, access, ...
So there are a few things going on that the media, and others, are confusing:
Social engineering attacks (number slamming) and SS7 interaction. Sure, on the backend both influence HLRs (home location registers).
There are a surprising number of significant services that let you reset everything if you know only the phone number (and can respond to OTP messages sent to the number).
More than you realize.
You know, the main e-mail acct you use to have all your email-reset passwords sent to for your bank/amazon/venmo/paypal/bitcoin-y/etc type accounts.
But this is a modest risk...
Either way, there’s some work required of the adversary.
It can be worth it.
Leaving likely physical evidence along with digital inference. Maybe worth it for 5M (BTC equiv, ymmv).
motherboard.vice.com/en_us/article/…
The social engineering / physical aspect of stealing a mobile number is not to be scoffed at. It works. It’s doable at the ‘street-crime’ level,
And yes, I’m saying SMS 2FA is better than no 2FA.
But here’s where it gets good/scary, in my opinion.
en.wikipedia.org/wiki/Local_num…
People could keep their numbers, when they moved homes... when they went mobile.
Along with a lot of other enhancements to SS7, this was special.
They were reselling access (SS7) into the walled garden. This later became VoIP providers. The more promiscuous ones running the media gateways that international robo-callers use. Cheaply.
They are plentiful, and many have direct SS7...
Your cable/ISP/broadband/home VoIP system? It likely accepts SIP-T (SS7 messages inside VoIP signaling).
So telcos literally place trusted infrastructure in your home.
(Just like in-band signaling [blue box etc.])
What keeps me up at night is that SS7 had an access model for its security that is now wrong. That was (largely) its security model.
“Give us ~1000 numbers and get OTPs for the next 5mins”.
Yikes!
I’m scared for e-mail recovery accounts.
Think of it like this:
BGP, DNS, and TCP transport rolled into one: SS7.
Protection = allowed to talk to it.
(And “VoIP” talks to it...)
Good night :)
EOL
/HT MCP