If you watched to the end, which privacy camp do you self-select into? Leave a comment to let me know. Thanks for watching!
@clanholmes 10 days ago
I am not sure if you can do this. But you should interview Ron Deibert. He is the Citizen Lab at the University of Toronto and was part of the group that helped the Dalai Lama after he was hacked. He has a booking coming soon, so he might be willing to do some interviews.
@concernedrn2844 9 days ago
Is Google Voice encrypted? Since it is a VoIP, is it more secure than the cellular SMS?
@EIRE55 7 days ago
I only use a dumb phone for 2FA codes.
@gelbphoenix 3 days ago
@@concernedrn2844 Google Voice apparently also uses SS7 when using 2G or 3G.
@WilliamBillWilson 9 days ago
I seem to recall a U.S. Supreme Court case from a few decades ago where they referred to cell phones as basically radios. Which, of course, they are--they just use a different part of the electromagnetic spectrum and are more sophisticated than the walkie-talkies some of us had as kids. I'm not going to change anything I'm doing, but I'm glad to know about this vulnerability. I'm also glad I'm not someone who is a juicy target (or, at least I wasn't until I left this comment). Thanks for the great explanation and context!
@xileets 9 days ago
Everyone MUST also remember, the weakest MFA/2FA option that is *active* for auth is the maximum strength of your login security.
@AllThingsSecured 9 days ago
Great point. Although that wouldn't really help in an SS7 attack.
@DavidDLee 7 days ago
TL;DR nothing to do for now. Most banks I use have text 2nd factor as the only option.
@graysonpeddie 3 days ago
Yup. Bank of America doesn't care for allowing 2FA applications...
@sergetheijspartner2005 5 days ago
So for nearly 50 years we have been using this unsecure SS7? And no one came up with SS8, SS9... yet, as in being more secure with every iteration, I mean? Why not? Is it so hard to replace? Not backwards compatible with existing phones? Not allowed by security agencies worldwide (CIA, Mossad, DGSE, MSS, MI6... to name but a few)? I mean, you do know that the one that comes up with a higher security protocol will dominate the cellphone market but also get Epsteined or McAfeed like really fast...
@synthwave7 8 days ago
Email - created first in 1971 and still used today has a lot of security issues - these old technologies are great, but need a total rewrite from the ground up to be secure for today's world.
@vadnegru 3 days ago
At least email could be signed to avoid forgery
@ImPipkinrick 10 days ago
Do VOIP numbers like Google Voice get affected too?
@fernandosorrilha 9 days ago
Yes, because any phone number uses the SS7 network.
@AllThingsSecured 9 days ago
Yes, they still use SS7.
@justintyme6920 5 days ago
Might need some clarity on that...
@palles1972 7 days ago
When you sign up for some counter service, you must give a phone number away, and you don’t have any other kind of means.
@illwittd 4 days ago
Would love to see a review vid on the Above Phone if you end up using it for a long enough period
@AllThingsSecured 4 days ago
Maybe so. We’ll see.
@rpm3605 7 days ago
Josh, I’d like to use one of the alternative MFA schemes but none of them is as ubiquitous as using a text or email for receiving an authentication code. Having to use multiple solutions is as big a pain as trying to keep up with password management, if not bigger. IMHO anyway.
@vadnegru 3 days ago
Some password managers also have 2fa built-in. This makes them not so 2f but it's neat to use
@Jensen-James-Productions 8 days ago
hey josh! thanks for the real captions! i appreciate it!
@JRScaggs 6 days ago
I work in the telecom industry. The best solution to avoid Signaling System 7 (SS7) risk is to sunset 2G and 3G and only support 4G and 5G. The latest standard, 5G, has the best encryption to help maintain privacy. Later in the video, Josh points out that being seen as a mobile provider is difficult, so the average bear cannot easily do SS7 attacks.
@MyaHartLuv 6 days ago
You’d be surprised at just how “average” these attackers are- easily any neighbor with a false narrative against a target
@aperson1181 8 days ago
I never do any business on a phone, as in no banking, I have a flip phone so no malware attacks and where possible (banks) I do give only Google Voice. Many banks do not want VOIP numbers and restrict, so I tell them this is all I have and they either hang up and then call back on my registered number, or send emails or ask security questions. NO SIM swaps for me are even possible.
@timeisnow33 9 days ago
Josh. Your link to fb2 key doesn't work. Please update it.
@charlesdoesmore5488 7 days ago
So here's the choice: Either keep this hack happening in the world, or make carriers force a planned obsolescence on tech.
@blueeuphoriaaa 5 days ago
Hey boss, what are your thoughts on GrapheneOS with a burner SIM?
@kiriup8188 10 days ago
So can this be used silently on someone without them knowing or is there a way to check/know if you are a victim of this attack? I guess what I'm asking is how do I know this hasn't already happened to me and someone out there isn't already intercepting and collecting all my data?
@rompis.a 9 days ago
The demo done on Veritasium shows that when a call gets intercepted, there will be no sign of it on the victim's end. The only way for the victim to find out is when they talk with the caller afterwards.
@AllThingsSecured 9 days ago
It can be done silently, but as I said in this video, unless you are a high-value target and the person tracking you has a lot of technical expertise and money, the chances of you being the victim of an SS7 attack are very, very, VERY small.
@MyaHartLuv 6 days ago
The Securities Industry has deep pockets and endless foot soldiers. The targeting is more prevalent than one might think. Electronic harassment is a growing epidemic because it's becoming easier by the day.
@lussor1 4 days ago
Banks still using SMS for 2FA 😭
@AllThingsSecured 4 days ago
Sadly, they do.
@TheJDSmith 8 days ago
What about using FaceTime Audio over standard mobile and iMessage over SMS?
@tails300 3 days ago
Is this the reason why 2G and 3G networks are getting shut down?
@vadnegru 3 days ago
No, it's just to free up space for 5G
@concernedrn2844 9 days ago
Is Google Voice encrypted? Since it is a VoIP, is it more secure than the cellular SMS?
@AllThingsSecured 9 days ago
The SMS texts aren't encrypted as far as I know. Not sure about the voice.
@a9503128 9 days ago
Because US telcos are 10 years behind, if your telco is communicating with you in-band then you need to explain why you’re leaving them.
@1TechCritic 8 days ago
Except it’s every carrier. Not just US. Or did you just not bother watching lol.
@a9503128 8 days ago
@@1TechCritic not every carrier, in the developed world SS7 and MMS are for phone calls and cat pictures from your gran
@ThisIsLiam-m6j 7 days ago
@@a9503128 You're mistaken. While 5G does not use SS7, your car's emergency button may rely on 2G, which does use SS7. Additionally, outside of the US, 5G coverage in the EU is not universal, and in areas with poor connectivity, 3G or 2G networks will still operate using SS7.
@cottagekeeper 9 days ago
Completely freaked out! Now I know why a certain person always knows everything. How much do I have to spend to fix this?
@rompis.a 9 days ago
Convince all phone providers (not just yours) to move away from SS7.
@AllThingsSecured 9 days ago
Just move to a new private number that this certain person doesn't know.
@tubeDude48 2 days ago
Your *2FA* link is dead!
@polymatrix 9 days ago
I watched the entire Veritasium video, but I'm not clear if a data-only cellular plan (where you don't have a phone number) would be subject to the attack. I want to say "no" as this is exploiting an authorization/tracking mechanism for the phone number, but I'm not sure if it's actually looking for the exact phone number or the SIM the phone is authorized on.
@rompis.a 9 days ago
Data-only plan would stop your calls and SMS messages getting intercepted, but it won't save you from other SS7-related spying. Veritasium video mentioned, for example, about finding out your location by triangulating the cell towers around you.
@AllThingsSecured 9 days ago
Yes, because you're still using a SIM/eSIM for the data-only plans. So there's still tracking involved. As said in another comment, though, it would keep your calls and SMS from being intercepted.
@CRK1918 7 days ago
4G and 5G are more secure? Doing the test, the video doesn't mention what Linus is using...
@gelbphoenix 3 days ago
4G and 5G aren't using SS7 but could be also vulnerable. Especially 4G is more vulnerable because it has a higher compatibility with 3G.
@JSATI 9 days ago
Not specific to this video, however, if you are using virtual card services such as Privacy or Clutch, can you start using these services while having a credit freeze already in place?
@AllThingsSecured 9 days ago
Yes, most of the virtual cards don't do a credit pull to get started.
@Nobleflex101 7 days ago
Brilliant 👏
@kemarchristie6050 9 days ago
Efani the SIM company eliminates this but it's like $999 USD per year for this service. Oh, you mentioned it; I commented at the start.
@AllThingsSecured 9 days ago
Yea, believe it or not, that's actually a reasonable charge based on other competition that is $130/mo +. It just depends on your threat model.
@kemarchristie6050 9 days ago
@@AllThingsSecured Yea, depends on the person. CEOs for large companies and mid-sized companies definitely need this. Government officials, etc., since they are highly targeted.
@MyaHartLuv 6 days ago
Great channel! I had 3 months of peace with my new carrier, number and device- then a cyber attack so hard my only phone crashed. I was completely locked out. So I went back to the flip phone for calls and text and the smart phone for net with calls and text completely disabled at the carrier level. I'm looking forward to Efani!! TYSMUCH
@bine35 10 days ago
Is a PIN/PUK code on the SIM sufficient or no?
@Miranox2 10 days ago
Nope.
@dumbdee4 9 days ago
@@Miranox2 Yep
@AllThingsSecured 9 days ago
No, that's just to protect against SIM swaps. An SS7 attack is different.
@tech-bore8839 8 days ago
As if hacking Linus is a "challenge" at this point.
@synthwave7 8 days ago
You are just jealous of Linus - he is a guru.
@vadnegru 3 days ago
I don't think he was hacked personally, usually it's some woman who clicked wrong link
@gelbphoenix 3 days ago
1. In the mentioned video they didn't attack the real phone of Linus but a different number. 2. Linus has a whole company and besides that the Twitter/X hack of LMG was a targeted social engineering attack. That could happen to everybody - from Pete next door to Elon Musk.