toad.social

Kevin Karhan :verified:<a href="https://social.heise.de/@heiseonline" class="u-url mention" rel="nofollow noopener" target="_blank">@heiseonline</a> allein die Masse von <a href="https://infosec.space/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> Angriffen macht dies IMHO zur <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Govware</a> die verboten gehört.<ul><li>Vorallem weil dies bestenfalls für doe Verfolgung von <a href="https://infosec.space/tags/OpferloseDelikte" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpferloseDelikte</a>|n wie <a href="https://infosec.space/tags/Drogenbesitz" class="mention hashtag" rel="nofollow noopener" target="_blank">#Drogenbesitz</a> missbraucht wird!</li></ul>

The New OilA <a href="https://mastodon.thenewoil.org/tags/surveillance" class="mention hashtag" rel="nofollow noopener" target="_blank">#surveillance</a> vendor was caught exploiting a new <a href="https://mastodon.thenewoil.org/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> attack to track people’s phone locations<a href="https://techcrunch.com/2025/07/18/a-surveillance-vendor-was-caught-exploiting-a-new-ss7-attack-to-track-peoples-phone-locations/" rel="nofollow noopener" translate="no" target="_blank">https://techcrunch.com/2025/07/18/a-surveillance-vendor-was-caught-exploiting-a-new-ss7-attack-to-track-peoples-phone-locations/</a><a href="https://mastodon.thenewoil.org/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

Ian Brown 👨🏻‍💻<a href="https://eupolicy.social/tags/Meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#Meta</a> ‘“had reminded partners of contractual obligations to ensure <a href="https://eupolicy.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> & <a href="https://eupolicy.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> when delivering <a href="https://eupolicy.social/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMS</a> messages…” But we didn’t receive similar confirmations of enhanced due diligence from other companies — including, perhaps surprisingly, <a href="https://eupolicy.social/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a>.”’ <a href="https://eupolicy.social/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> <a href="https://medium.com/@lighthousereports/using-leaked-data-to-examine-vulnerabilities-in-sms-routing-and-ss7-signalling-8e30298491d9" rel="nofollow noopener" translate="no" target="_blank">https://medium.com/@lighthousereports/using-leaked-data-to-examine-vulnerabilities-in-sms-routing-and-ss7-signalling-8e30298491d9</a>

Dagger ☀️Oh, das <a href="https://chaos.social/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> hat es wieder einmal erwischt. Es gibt spannende Details:The Good, the Bad, and the Encoding: An SS7 Bypass Attack <a href="https://www.enea.com/insights/the-good-the-bad-and-the-encoding-an-ss7-bypass-attack/" rel="nofollow noopener" translate="no" target="_blank">https://www.enea.com/insights/the-good-the-bad-and-the-encoding-an-ss7-bypass-attack/</a>

Ian Brown 👨🏻‍💻OH: "thankfully most networks re now turning off <a href="https://eupolicy.social/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#3G</a> / <a href="https://eupolicy.social/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a>. Though in parallel, paving the way for better and easier <a href="https://eupolicy.social/tags/metadata" class="mention hashtag" rel="nofollow noopener" target="_blank">#metadata</a> collection by ISPs and <a href="https://eupolicy.social/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener" target="_blank">#WhatsApp</a> types."The first WhatsApp server that the device talks to is subject to the country’s secret services data collection powers" 💯

SpaceLifeForm<a href="https://mastodon.social/@zackwhittaker" class="u-url mention" rel="nofollow noopener" target="_blank">@zackwhittaker</a> How is this 'new'?Btw, I tried to read the article on mobile, which failed, so I have to assume it works.<a href="https://infosec.exchange/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a>

nemo™ 🇺🇦SS7 attacks remain a top threat to 📱 security—allowing hackers to intercept calls, read SMS, bypass 2FA, & track users worldwide through telecom flaws 🚨. Mobile users must switch to app-based 2FA & encrypted messaging! Learn more from SOCRadar: <a href="https://socradar.io/why-ss7-attacks-are-the-biggest-threat-to-mobile-security-exploiting-global-telecom-networks/" rel="nofollow noopener" translate="no" target="_blank">https://socradar.io/why-ss7-attacks-are-the-biggest-threat-to-mobile-security-exploiting-global-telecom-networks/</a> <a href="https://mas.to/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mas.to/tags/MobileSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileSecurity</a> <a href="https://mas.to/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a>

nemo™ 🇺🇦Ethical hackers play a key role in fighting <a href="https://mas.to/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> abuse by actively testing networks for flaws, helping telcos patch vulnerabilities before attackers can strike 🔒🤝🌐. SRLabs calls for vetted access & better rules to secure global communications. Read more: <a href="https://www.srlabs.de/blog-post/ethical-hackers-can-help-reduce-ss7-abuse" rel="nofollow noopener" translate="no" target="_blank">https://www.srlabs.de/blog-post/ethical-hackers-can-help-reduce-ss7-abuse</a> <a href="https://mas.to/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mas.to/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#EthicalHacking</a>

nemo™ 🇺🇦🔒 SS7 protocol vulnerabilities remain a major threat in telecom, allowing attackers to intercept calls, track locations, and commit fraud. SimplerHacking's repo breaks down the risks, attack methods, and defenses for <a href="https://mas.to/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> pros. 🚨🔍 Details ➡️ <a href="https://github.com/simplerhacking/SS7-Vulnerability-Research-and-Tutorial" rel="nofollow noopener" translate="no" target="_blank">https://github.com/simplerhacking/SS7-Vulnerability-Research-and-Tutorial</a> <a href="https://mas.to/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mas.to/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a>

Emory<a href="https://infosec.exchange/@paul_ipv6" class="u-url mention" rel="nofollow noopener" target="_blank">@paul_ipv6</a> <a href="https://infosec.exchange/@briankrebs" class="u-url mention" rel="nofollow noopener" target="_blank">@briankrebs</a> verisign owned a big chunk of ss7 into the aughts. they divested most of their business units and their <a href="https://soc.kvet.ch/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> assets were sold off. i think ss7 might be <a href="https://soc.kvet.ch/tags/twilio" class="mention hashtag" rel="nofollow noopener" target="_blank">#twilio</a> and <a href="https://soc.kvet.ch/tags/carlyleGroup" class="mention hashtag" rel="nofollow noopener" target="_blank">#carlyleGroup</a>'s problem to solve, which scares me a little cuz twilio is right in the eye of the hurricane of agentic ai fraud swarms that is forming 😬it's been parted put to carriers ATT/Verizon/Lumen maintain their own ss7 infra. it's still roaming hubs out there, isn't it?

B-TR3E<a href="https://mastodon.social/@Privacymatters" class="u-url mention" rel="nofollow noopener" target="_blank">@Privacymatters</a> Worth mentioning that "Global Titles" provide access to the <a href="https://mastodon.social/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> network and the problems with Signalling Standard 7 -an antique but still used protocol that predates cellular networks- have been known for decades.

SpaceLifeForm<a href="https://mastodon.laurenweinstein.org/@lauren" class="u-url mention" rel="nofollow noopener" target="_blank">@lauren</a> And here we are today, with not millions of dollars, one can setup an NVO and send SMS Spam because SS7 is not secure.The original thinking was that if they had physical security of the wires, there would be logical security.But, as the networks evolved, the old thinking did not.<a href="https://infosec.exchange/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a>

teledyn 𓂀Scary bedtime stories for adults. <a href="https://mstdn.ca/tags/ss7" class="mention hashtag" rel="nofollow noopener" target="_blank">#ss7</a> <a href="https://mstdn.ca/tags/2fa" class="mention hashtag" rel="nofollow noopener" target="_blank">#2fa</a> <a href="https://mstdn.ca/tags/surveillance" class="mention hashtag" rel="nofollow noopener" target="_blank">#surveillance</a><a href="https://youtube.com/watch?v=wVyu7NB7W6Y&si=zibgYyMpK7XwCp83" rel="nofollow noopener" translate="no" target="_blank">https://youtube.com/watch?v=wVyu7NB7W6Y&si=zibgYyMpK7XwCp83</a>

Kevin Karhan :verified:<a href="https://kolektiva.social/@licho" class="u-url mention" rel="nofollow noopener" target="_blank">@licho</a> <a href="https://hachyderm.io/@osman" class="u-url mention" rel="nofollow noopener" target="_blank">@osman</a> provide evidence the code <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> released is actually being deployed.<ul><li>Whereas <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> has <a href="https://infosec.space/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener" target="_blank">#ReproducibleBuilds</a> to the point that <a href="https://floss.social/@fdroidorg" class="u-url mention" rel="nofollow noopener" target="_blank">@fdroidorg</a> literally pulls their <code>git</code> and builds it from source.</li></ul>Not to mention pushing a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shitcoin</a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scam</a> (<a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileCoin</a>) disqualifies <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> per very design! <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=tJoO2uWrX1M</a><ul><li>Given the collection of <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a>, the ability to restrict functionality based off those and the fact that <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> is subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudAct</a> make it inherently not trustworthy.</li></ul>And don't even get me started on the fact.it's not sustainable to run it as a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#VCmoneyBurningParty</a>!<ul><li>As soon as Signal becomes a problem, it will be taken offline, and due to the fact that it is <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#centralized</a>, <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#proprietary</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleProvider</a> that's trivial for authorities.</li></ul>Same as identifying users: They already got a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumber</a> which in many juristictions one can't even obtain without <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ID</a> legally, thus making it super easy to i.e. find and locate a user. Even tze cheapest LEAs can force their local M(V)NOs to <a href="https://infosec.space/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> a specific number...<ul><li>All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!</li></ul>Again: Signal has a <a href="https://infosec.space/tags/Honeypot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Honeypot</a> stench, and you better learn proper <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#E2EE</a>, <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfCustody</a> and <a href="https://infosec.space/tags/TechLiteracy" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechLiteracy</a> because <a href="https://web.archive.org/web/20210606070919/twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener" target="_blank">corporations can't pull the 5th [Amendment] on your behalf!</a>

SpaceLifeForm<a href="https://federate.social/@mattblaze" class="u-url mention" rel="nofollow noopener" target="_blank">@mattblaze</a> I doubt Hegseth can spell Metadata when sober.<a href="https://infosec.exchange/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> <a href="https://infosec.exchange/tags/Metadata" class="mention hashtag" rel="nofollow noopener" target="_blank">#Metadata</a>

adingbatponder<a href="https://mostr.pub/users/756240d3be0d553b0cd174b3499cffa37fbe8394ee06b9ab50652e314c265fc2" class="u-url mention" rel="nofollow noopener" target="_blank">@756240d3be0d553b0cd174b3499cffa37fbe8394ee06b9ab50652e314c265fc2</a> Thanks but is this <a href="https://fosstodon.org/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMS</a> related <a href="https://fosstodon.org/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> attack special to Pixel in any way? <a href="https://www.techtarget.com/whatis/definition/SS7-attack" rel="nofollow noopener" translate="no" target="_blank">https://www.techtarget.com/whatis/definition/SS7-attack</a> Do u have further info? Do you have further info on M2M? Is pixel particularly affected? <a href="https://www.researchgate.net/publication/335487284_Attacks_Against_GSMA's_M2M_Remote_Provisioning_Short_Paper" rel="nofollow noopener" translate="no" target="_blank">https://www.researchgate.net/publication/335487284_Attacks_Against_GSMA's_M2M_Remote_Provisioning_Short_Paper</a>

756240d3be0d553b0cd174b3499cffa37fbe8394ee06b9ab50652e314c265fc2Be aware. The Google Pixel also has the <a class="mention hashtag" href="https://mostr.pub/tags/SS7" rel="nofollow noopener" target="_blank">#SS7</a> and <a class="mention hashtag" href="https://mostr.pub/tags/M2M" rel="nofollow noopener" target="_blank">#M2M</a>-RSP problem!

SpaceLifeFormRemember that SS7 is not secure<a href="https://www.techdirt.com/2025/01/23/phone-metadata-suddenly-not-so-harmless-when-its-the-fbis-data-being-harvested/" rel="nofollow noopener" translate="no" target="_blank">https://www.techdirt.com/2025/01/23/phone-metadata-suddenly-not-so-harmless-when-its-the-fbis-data-being-harvested/</a><a href="https://infosec.exchange/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> <a href="https://infosec.exchange/tags/Metadata" class="mention hashtag" rel="nofollow noopener" target="_blank">#Metadata</a>

Benjamin Carr, Ph.D. 👨🏻‍💻🧬<a href="https://hachyderm.io/tags/DHS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DHS</a> Says <a href="https://hachyderm.io/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#China</a>, <a href="https://hachyderm.io/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a>, <a href="https://hachyderm.io/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#Iran</a>, and Israel Are <a href="https://hachyderm.io/tags/Spying" class="mention hashtag" rel="nofollow noopener" target="_blank">#Spying</a> on People in <a href="https://hachyderm.io/tags/US" class="mention hashtag" rel="nofollow noopener" target="_blank">#US</a> with <a href="https://hachyderm.io/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> The Department of <a href="https://hachyderm.io/tags/HomelandSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomelandSecurity</a> knows which countries SS7 attacks are primarily originating from. Others include countries in Europe, Africa, and the Middle East. In the newly released document, <a href="https://hachyderm.io/tags/SenatorWyden" class="mention hashtag" rel="nofollow noopener" target="_blank">#SenatorWyden</a>’s says <a href="https://hachyderm.io/tags/DoD" class="mention hashtag" rel="nofollow noopener" target="_blank">#DoD</a> confirmed it believes that all US <a href="https://hachyderm.io/tags/telecom" class="mention hashtag" rel="nofollow noopener" target="_blank">#telecom</a> are vulnerable to SS7 and Diameter <a href="https://hachyderm.io/tags/surveillance" class="mention hashtag" rel="nofollow noopener" target="_blank">#surveillance</a>, and that DoD has not reviewed 3rd-party audits carried out by US carriers <a href="https://www.404media.co/dhs-says-china-russia-iran-and-israel-are-spying-on-people-in-us-with-ss7/" rel="nofollow noopener" translate="no" target="_blank">https://www.404media.co/dhs-says-china-russia-iran-and-israel-are-spying-on-people-in-us-with-ss7/</a>

SpaceLifeForm<a href="https://mastodon.scot/@kim_harding" class="u-url mention" rel="nofollow noopener" target="_blank">@kim_harding</a> I would not call it secret.Do not text sensitive information.<a href="https://infosec.exchange/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a>

Recent searches

Search options

Administered by:

Server stats:

#ss7