UK Mobile Phones (uk.telecom.mobile) Mobile telephone equipment and networks.

Reply
 
LinkBack Thread Tools Display Modes
  #11   Report Post  
Old December 19th 18, 10:53 AM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Oct 2011
Posts: 383
Default 5 Live Science Night - Phishing Attacks

On 19/12/2018 10:22, Java Jive wrote:
On 19/12/2018 09:09, Chris in Makati wrote:

How can they do that? Everything is highly encrypted until it reaches
the phone.


AFAIAA, the SMS is open to various types of abuse.* I have given links
in previous threads about this, and you can find them easily yourself by
searching for something like:* SMS security.


Indeed - the hint is that it's encrypted in the air, but it's not
encrypted in the network...

  #12   Report Post  
Old December 19th 18, 08:34 PM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Dec 2015
Posts: 96
Default 5 Live Science Night - Phishing Attacks

On Wed, 19 Dec 2018 10:53:50 +0000, Someone Somewhere
wrote:

On 19/12/2018 10:22, Java Jive wrote:
On 19/12/2018 09:09, Chris in Makati wrote:

How can they do that? Everything is highly encrypted until it reaches
the phone.


AFAIAA, the SMS is open to various types of abuse.* I have given links
in previous threads about this, and you can find them easily yourself by
searching for something like:* SMS security.


Indeed - the hint is that it's encrypted in the air, but it's not
encrypted in the network...


Sounds like you're talking about a rogue employee intercepting SMS
messages within the network infrastructure itself.

If we're going to those extreme situations then you might as well say
a bank employee could access your account and steal your money.

This is way beyond the realm of simple phishing attacks from outsiders
that the program was about.
  #13   Report Post  
Old December 19th 18, 09:18 PM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Oct 2011
Posts: 383
Default 5 Live Science Night - Phishing Attacks

On 19/12/2018 20:34, Chris in Makati wrote:
On Wed, 19 Dec 2018 10:53:50 +0000, Someone Somewhere
wrote:

On 19/12/2018 10:22, Java Jive wrote:
On 19/12/2018 09:09, Chris in Makati wrote:

How can they do that? Everything is highly encrypted until it reaches
the phone.

AFAIAA, the SMS is open to various types of abuse.* I have given links
in previous threads about this, and you can find them easily yourself by
searching for something like:* SMS security.


Indeed - the hint is that it's encrypted in the air, but it's not
encrypted in the network...


Sounds like you're talking about a rogue employee intercepting SMS
messages within the network infrastructure itself.

If we're going to those extreme situations then you might as well say
a bank employee could access your account and steal your money.

This is way beyond the realm of simple phishing attacks from outsiders
that the program was about.

No - I wasn't and if you'd have looked as the other poster suggested you
would have found that too.

Basically, if you can access network infrastructure anywhere in the
world you would theoretically be able to do it. So you only need one
rogue actor, somewhere, who could then sell that kind of access and
information.

Yes, more than a phishing attack, but not the level of security that
people would reasonably expect.
  #14   Report Post  
Old December 19th 18, 09:19 PM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Nov 2012
Posts: 77
Default 5 Live Science Night - Phishing Attacks

On 19/12/2018 20:34, Chris in Makati wrote:

Sounds like you're talking about a rogue employee intercepting SMS
messages within the network infrastructure itself.


No, the whole point is that the SMS network infrastructure is insecure.
  #15   Report Post  
Old December 20th 18, 09:15 PM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Dec 2015
Posts: 96
Default 5 Live Science Night - Phishing Attacks

On Wed, 19 Dec 2018 21:18:55 +0000, Someone Somewhere
wrote:

On 19/12/2018 20:34, Chris in Makati wrote:
On Wed, 19 Dec 2018 10:53:50 +0000, Someone Somewhere
wrote:

On 19/12/2018 10:22, Java Jive wrote:
On 19/12/2018 09:09, Chris in Makati wrote:

How can they do that? Everything is highly encrypted until it reaches
the phone.

AFAIAA, the SMS is open to various types of abuse.* I have given links
in previous threads about this, and you can find them easily yourself by
searching for something like:* SMS security.

Indeed - the hint is that it's encrypted in the air, but it's not
encrypted in the network...


Sounds like you're talking about a rogue employee intercepting SMS
messages within the network infrastructure itself.

If we're going to those extreme situations then you might as well say
a bank employee could access your account and steal your money.

This is way beyond the realm of simple phishing attacks from outsiders
that the program was about.

No - I wasn't and if you'd have looked as the other poster suggested you
would have found that too.

Basically, if you can access network infrastructure anywhere in the
world you would theoretically be able to do it. So you only need one
rogue actor, somewhere, who could then sell that kind of access and
information.

Yes, more than a phishing attack, but not the level of security that
people would reasonably expect.


Too much James Bond stuff here.

Gaining access deep into a mobile network's infrastructure may be
something the security service could theoretically do, but it's way
more difficult than you make it out to be.

The idea that someone who got hold of your banking logon details would
then penetrate a network in that way to intercept an SMS and steal a
few thousand quid is quite unrealistic.


  #16   Report Post  
Old December 20th 18, 09:27 PM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Nov 2012
Posts: 77
Default 5 Live Science Night - Phishing Attacks

On 20/12/2018 21:15, Chris in Makati wrote:

Too much James Bond stuff here.


No, see my post that started the thread.

Gaining access deep into a mobile network's infrastructure may be
something the security service could theoretically do, but it's way
more difficult than you make it out to be.

The idea that someone who got hold of your banking logon details would
then penetrate a network in that way to intercept an SMS and steal a
few thousand quid is quite unrealistic.


As in my original post, it's quite realistic enough for something not
that dissimilar to have already happened and it cost the viction
c£70,000. And this is a quote from me posting to a recent thread
entitled "Mobile phone shop staff 'enabling Sim swap scams'" in this
very newsgroup:

"Yes, I once saw in a newsgroup, probably either uk.telecom.broadband or
uk.tech.digital-tv, a description of how open the system is, but cannot
find the thread now. However, I did find these, among the first of many
other hits for "sms security vulnerabilities":

https://www.theverge.com/2017/9/18/1...ssword-bitcoin

https://securityintelligence.com/whats-wrong-with-sms-authentication-two-ibm-experts-weigh-in-on-the-nist-recommendation/"

The SMS system is very insecure, get used to it.
  #17   Report Post  
Old December 20th 18, 09:41 PM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Oct 2011
Posts: 383
Default 5 Live Science Night - Phishing Attacks

On 20/12/2018 21:15, Chris in Makati wrote:
On Wed, 19 Dec 2018 21:18:55 +0000, Someone Somewhere
wrote:



No - I wasn't and if you'd have looked as the other poster suggested you
would have found that too.

Basically, if you can access network infrastructure anywhere in the
world you would theoretically be able to do it. So you only need one
rogue actor, somewhere, who could then sell that kind of access and
information.

Yes, more than a phishing attack, but not the level of security that
people would reasonably expect.


Too much James Bond stuff here.

Gaining access deep into a mobile network's infrastructure may be
something the security service could theoretically do, but it's way
more difficult than you make it out to be.

The idea that someone who got hold of your banking logon details would
then penetrate a network in that way to intercept an SMS and steal a
few thousand quid is quite unrealistic.

Not in the slightest - it has been shown.

Just because you don't, or can't, understand it doesn't make it impossible.
  #18   Report Post  
Old December 21st 18, 11:34 AM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Dec 2015
Posts: 96
Default 5 Live Science Night - Phishing Attacks

On Thu, 20 Dec 2018 21:27:43 +0000, Java Jive
wrote:

On 20/12/2018 21:15, Chris in Makati wrote:

Too much James Bond stuff here.


No, see my post that started the thread.

Gaining access deep into a mobile network's infrastructure may be
something the security service could theoretically do, but it's way
more difficult than you make it out to be.

The idea that someone who got hold of your banking logon details would
then penetrate a network in that way to intercept an SMS and steal a
few thousand quid is quite unrealistic.


As in my original post, it's quite realistic enough for something not
that dissimilar to have already happened and it cost the viction
c70,000. And this is a quote from me posting to a recent thread
entitled "Mobile phone shop staff 'enabling Sim swap scams'" in this
very newsgroup:


The SIM swap scam has nothing to do with accessing the infrastructure
of a network. If someone is able to pretend to be you and obtain a
replacement SIM for your account from a phone shop your existing SIM
will be deactivated and your phone will go dead.

That's why I said in my original post:

"If you didn't have access to your mobile phone then it would be a bit
silly to try to reset your logon information using that method"


"Yes, I once saw in a newsgroup, probably either uk.telecom.broadband or
uk.tech.digital-tv, a description of how open the system is, but cannot
find the thread now. However, I did find these, among the first of many
other hits for "sms security vulnerabilities":

https://www.theverge.com/2017/9/18/1...ssword-bitcoin

https://securityintelligence.com/whats-wrong-with-sms-authentication-two-ibm-experts-weigh-in-on-the-nist-recommendation/"

The SMS system is very insecure, get used to it.


Those articles describe very exceptional situations where someone with
inside access to the networks could, theoretically, intercept an SMS.

The chances of a person being in that position AND have access to your
bank account details is so unlikely it's barely worth considering.
You're more likely to be struck by lightning.

You can invent all kinds of scenarios in life where theoretically
something could happen, if... if... if.. a certain combination of
unlikely events occurred, but the probability of them all occurring
together is very remote.

  #19   Report Post  
Old December 21st 18, 11:48 AM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Oct 2011
Posts: 383
Default 5 Live Science Night - Phishing Attacks

On 21/12/2018 11:34, Chris in Makati wrote:
On Thu, 20 Dec 2018 21:27:43 +0000, Java Jive
wrote

Those articles describe very exceptional situations where someone with
inside access to the networks could, theoretically, intercept an SMS.

The chances of a person being in that position AND have access to your
bank account details is so unlikely it's barely worth considering.
You're more likely to be struck by lightning.

You can invent all kinds of scenarios in life where theoretically
something could happen, if... if... if.. a certain combination of
unlikely events occurred, but the probability of them all occurring
together is very remote.

They're not that exceptional. And my point is that if one person,
somewhere in the world, did it, then they could offer the intercept
service to other nefarious elements.

You're clearly not convinced, but don't come crying to us or anyone else
if this happens to you.

  #20   Report Post  
Old December 21st 18, 02:47 PM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Dec 2015
Posts: 96
Default 5 Live Science Night - Phishing Attacks

On Fri, 21 Dec 2018 11:48:07 +0000, Someone Somewhere
wrote:

On 21/12/2018 11:34, Chris in Makati wrote:
On Thu, 20 Dec 2018 21:27:43 +0000, Java Jive
wrote

Those articles describe very exceptional situations where someone with
inside access to the networks could, theoretically, intercept an SMS.

The chances of a person being in that position AND have access to your
bank account details is so unlikely it's barely worth considering.
You're more likely to be struck by lightning.

You can invent all kinds of scenarios in life where theoretically
something could happen, if... if... if.. a certain combination of
unlikely events occurred, but the probability of them all occurring
together is very remote.

They're not that exceptional. And my point is that if one person,
somewhere in the world, did it, then they could offer the intercept
service to other nefarious elements.

You're clearly not convinced, but don't come crying to us or anyone else
if this happens to you.


I doubt you'll be hearing from me any time soon.

So can you cite any actual cases where someone with a working phone
had an SMS intercepted from someone with inside access to a network,
and then had their bank account hijacked as a result with money taken?


Reply
Thread Tools
Display Modes

Posting Rules

Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Phishing Spam from 'Vodafone'? Helen Deborah Vecht UK Mobile Phones 10 August 27th 07 03:55 PM
The Science of RFR Health Risks Lenny UK Mobile Phones 0 May 16th 06 03:58 PM
'Cosmic' baker attacks phone mast Ben UK Mobile Phones 0 December 22nd 04 10:05 PM
Diary note: Animal Science and Sentience Conference London March 2005 J B UK Mobile Phones 1 December 1st 04 05:52 PM
T-Mobile phishing scam? TMack UK Mobile Phones 5 October 23rd 04 12:16 PM


All times are GMT. The time now is 02:57 AM.

Powered by vBulletin® Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright 2004-2019 Mobile Banter.
The comments are property of their posters.
 

About Us

"It's about UK mobile phones"

 

Copyright © 2017