Many of us don't know the standards used in implementing the complex communication technologies that enables us today. Many of us do not know or even care about encryption or its use. We may not even know about the groups or companies that fight or go against governments to ensure that people have their right to privacy.
Some will say that what you don't know can't hurt you but that is more often false. Just because you don't know gravity exists doesn't make gravity harmless. Just because you don't know fire burns mean you won't be burnt. Just because you don't know that effects of a hacking vulnerability doesn't mean you won't be hacked or be affected by it.
Over a year ago a vulnerability to one of the standards widely implemented to facilitate communications was found to be vulnerable to an attack. The extent or general impact of the attack was explained by theguardian: SS7 hack explained: what can you do about it? and you will have to read this to get a primer about the problem.
At last, US' FCC finally said something;
Here's a link (https://t.co/pKgztMiXZj) to FCC's investigation result and official statement.
Update: March 31, 2017
Hackers demo'ed the SS7 vulnerability, hijacked WhatsApp and Telegram app. https://blog.drhack.net/whatsapp-telegram-hacking-demo-live-ss7-vulnerability/ And to be clear about the demo, it didn't break encryption but demonstrated how vulnerable SS7 is.
What's Next
As far as we know, the Telecommunication Companies here in the Philippines try their best to follow US and UK standards. Are we as vulnerable as them?
By no wild conjecture, yes, we are as vulnerable as them - maybe even more vulnerable than they are. The next step is enabling or utilizing encryption in all forms of communication. It's either this or someone innovates a TelCo killer with very good encryption support.
Comments
Post a Comment