FBI warns texts between Android and iPhone users pose cyber risk
Optimistic Cynic
architect
quote:
Originally posted by HRK:
The real issue is that they broke into people's personal devices, it doesn't matter if you have national secrets or just text about the grandkids and what you need from the grocery...
Actually "they" did not do anything of the kind. What they did was break into the mobile provider's servers that handle these device-to-device communications. Messages/calls/etc. do not go directly from device to device via some kind of circuit. They use store and forward techniques and are passed through multiple devices in transit, some owned by you, some owned by your provider, and some (e.g. Internet core routers) owned by unknown parties (and not the same ones every time, even during a single call).
 
Posts: 7003 | Location: NoVA | Registered: July 22, 2009
Nullus Anxietas
ensigmatic
quote:
Originally posted by sreding:
quote:
Originally posted by SigJacket:
... The biggest reason why this is important has nothing to do with Android-iPhone communications.

It’s MFA tokens. “Send a code to this number” after login.
The exposure is Apple to Android communication, right?
Kind of, but not really.

It's only Apple<->Android because Apple uses iMessage and Android uses RCS.

More accurate to say it's any platform<->any platform that doesn't share the same encryption standard, thus necessitating decryption->plain text->re-encryption somewhere in the pipeline.
quote:
Originally posted by sreding:
MFA tokens aren't sent between devices ...
Anything sent through the compromised TelCom system via SMS is vulnerable.

But... capturing just a time-limited authentication token isn't necessarily a big deal.

If I'm logging in to a site that sends me a 2FA token via SMS, that token will only be good for that particular login session, which I've established via username/password authentication. Unless they're also executing a man-in-the-middle (MitM) attack against that login session, that token will be worthless to them.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26068 | Location: S.E. Michigan | Registered: January 06, 2008
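
The session binding ensigmatic's post above relies on (an SMS code that is only good for the login session it was issued to), as an added example that is not part of the original posts or any real site's code. `SmsOtpStore`, its methods and the sample codes are hypothetical, and the five-minute lifetime and three-try limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window
MAX_ATTEMPTS = 3       # assumed guess limit per session

def _digest(code):
    return hashlib.sha256(code.encode()).digest()

class SmsOtpStore:
    """Hypothetical server-side store: one pending SMS code per login session."""
    def __init__(self, clock=time.time, new_code=None):
        self._clock = clock
        self._new_code = new_code or (lambda: f"{secrets.randbelow(10**6):06d}")
        self._pending = {}  # session_id -> [user, code digest, expiry, tries left]

    def start_login(self, user):  # call only after the password check passed
        session_id = secrets.token_urlsafe(32)  # stays in the browser cookie
        code = self._new_code()                 # travels over SMS
        expiry = self._clock() + OTP_TTL_SECONDS
        self._pending[session_id] = [user, _digest(code), expiry, MAX_ATTEMPTS]
        return session_id, code

    def verify(self, session_id, submitted):
        entry = self._pending.get(session_id)
        if entry is None:
            return None  # unknown session, or code already used
        user, digest, expires_at, tries = entry
        if self._clock() > expires_at or tries <= 0:
            del self._pending[session_id]
            return None
        if hmac.compare_digest(digest, _digest(submitted)):
            del self._pending[session_id]  # single use
            return user
        entry[3] -= 1
        return None

def demo():
    now = [1000.0]                                # constructed clock
    codes = iter(["481516", "234200", "108108"])  # constructed sample codes
    store = SmsOtpStore(lambda: now[0], lambda: next(codes))
    sid_a, code_a = store.start_login("alice")
    sid_b, _ = store.start_login("alice")  # a separate login session
    return {"other_session": store.verify(sid_b, code_a),
            "own_session": store.verify(sid_a, code_a),
            "replay": store.verify(sid_a, code_a)}
```

A code read off the SMS path is rejected in any session other than the one that requested it, and is rejected everywhere once it has been used or has expired.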
Member
quote:
Originally posted by ensigmatic:
quote:
Originally posted by sreding:
MFA tokens aren't sent between devices ...
Anything sent through the compromised TelCom system via SMS is vulnerable.

But... capturing just a time-limited authentication token isn't necessarily a big deal.

If I'm logging in to a site that sends me a 2FA token via SMS, that token will only be good for that particular login session, which I've established via username/password authentication. Unless they're also executing a man-in-the-middle (MitM) attack against that login session, that token will be worthless to them.


Agreed that there is a limited time value to that token, and random token discovery has little value other than perhaps finding what entity sent it. If it’s all interesting enough (entity and receiver) then I might be interested in targeting other things. I would expect really interesting organizations that the CCP are interested in aren’t using SMS shipped one time tokens.

I’d say most of us here are not necessarily that interesting. Well, I am, at least that’s what I tell myself.


--
I always prefer reality when I can figure out what it is.

JALLEN 10/18/18
https://sigforum.com/eve/forum...610094844#7610094844
 
Posts: 2441 | Location: Roswell, GA | Registered: March 10, 2009
Member
Ensigmatic, welcome back! I was thinking of you the other day when I read an article about the MS Visual Studio Code development application having a few gaping security holes in it. Back to your article, this little problem can be a big deal. I wrote an application for the organization I work for that sends out texts to needed parties that warn us of off-hours process completion, failure, or failure to run. We stopped that a couple of weeks ago. Now we need to log on to our VMs at work via a laptop and read the output logs. Arggghhhh. As far as my personal texts, they don't exist. I don't read other people's (very few) and I never initiate a chain.
 
Posts: 7806 | Registered: October 31, 2008
Vi Veri Veniversum Vivus Vici
ChuckFinley
Thoughts on how these options (including Google messaging) compare and contrast to using WhatsApp?




_________________________
NRA Endowment Member
_________________________
"Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." -- C.S. Lewis
 
Posts: 5715 | Location: District 12 | Registered: June 16, 2012
Nullus Anxietas
ensigmatic
quote:
Originally posted by ChuckFinley:
Thoughts on how these options (including Google messaging) compare and contrast to using WhatsApp?
WhatsApp is owned by Meta--the same people that own Facebook. I don't trust anything Meta any further than I can throw them.

That being said: WhatsApp uses the same E2EE (end-to-end encryption) protocol Signal (Private Messenger) uses, so theoretically it should be every bit as secure as Signal.

But, again: Meta. Do not trust.

Other than that, there's this:


Apologies for the size. I tried down-sizing it, but the text became illegible.

Don't know anything about Google Messages. Hardly trust Alphabet (Google's owners) any more than I do Meta. (See, for example: YouTube is pulling my firearms content. YouTube is also owned by Alphabet.)



 
Posts: 26068 | Location: S.E. Michigan | Registered: January 06, 2008
Vi Veri Veniversum Vivus Vici
ChuckFinley
Very helpful, thank you.




 
Posts: 5715 | Location: District 12 | Registered: June 16, 2012
© SIGforum 2024