May. 10th, 2017

thewayne: (Default)
Whenever you use your cell phone, or a land line, your call is routed through a switch that uses something called SS7 routing.  It's an industry standard used literally around the world.  And it is insecure by design.  It became this way because SS7's predecessors began in those halcyon days of the internet when everybody was nice to each other and there were no bad people online, so trust, verification, and security wasn't baked in from the beginning.  Sadly, we now know that those days never really existed and we're really paying the price now.

You can now buy a cyber malware toolkit for about $1000 that will let you gain control of SS7 switches.  Bank accounts are being looted in Germany where malware and keyboard loggers have been used to suck credentials from personal and business accounts, then SS7 malware is used to intercept the SMS verification code sent by the bank to the "account holder", allowing accounts to be drained and tracking the criminals becomes very difficult.

I use PayPal in such a mode, tied directly to my checking account.  Perhaps I should see if I can point it at my savings account, and when I go to buy something from Humble Bundle or whatever, transfer funds to that account, make the transaction, and ignore it.

THERE. IS. NO. EASY. SOLUTION. TO. THIS.  The best solution is the keyfob authenticator that has the random number LCD display that changes every minute or so, but those are expensive to deploy and, if you lose the fob, a PITB to replace and re-integrate in to your account.  And they aren't 100% impervious to hacking, but they're damn difficult.

I use my bank via web browsing.  I access it via my phone through a fingerprint scan, likewise my main credit card, which also pops up an alert on my phone whenever a charge hits.  I have no idea how secure that fingerprint technology is for that purpose.  It is somewhat secure in that a fingerprint won't unlock my phone: for that, you'll need a code that isn't just a four digit number.

https://www.schneier.com/blog/archives/2017/05/criminals_are_n.html

September 2017

S M T W T F S
     12
3 4 5678 9
101112 1314 15 16
1718 19 20212223
24252627282930

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Sep. 22nd, 2017 01:30 pm
Powered by Dreamwidth Studios