
I Got Hacked and All I Got Was This New SIM Card - uptown
https://carpeaqua.com/2017/07/07/hack-the-planet/
======
soyiuz
Over and over we learn that the carrier is the weak link in the security
chain. What is an effective way to deal with this?

I have a Google Voice number which I use for texts and verification and which
forwards to carrier cell number. Taking over the carrier numbewr therefore
does nothing and Google support is crappy enough to never allow one to speak
with a human representative. Google Voice itself is behind two factor.

I don't feel good about the setup, since the second factor is not technically
a separate device with Google Voice. It seems better than the alternatives for
now. Any other ideas of how to practically eliminate the weak link?

------
Rjevski
The problem is that we rely on phone companies way too much. You wouldn't
trust some random person in a foreign country with a million dollars, right?
Yet the phone companies are trusting those same people and are giving them
enough access to their infrastructure to do millions of dollars in damage if
they wanted. And of course if you treat your employees like crap you'll get
some people breaking protocol and the fun starts.

Until phone companies get their stuff together and start acting responsibly
(which will never happen, because the current situation is still profitable
for them), we need to stop trusting them and assume every single bit of data
sent over their networks is compromised and readable by anyone. So don't rely
on phone numbers, and if you must, get one from a reputable VoIP provider
(Google Voice?) and use that instead.

And as if this wasn't bad enough, there are inherent vulnerabilities in the
protocols used to do roaming between carriers. When you're connected to the
SS7 network you can say to any carrier "hey this SIM is now roaming on my
network so just send me all of their calls and texts" and the attacked network
will happily comply, sometimes despite the fact that the victim's phone is
still connected to the attacked network's towers.

