There are plenty of online articles on the subject of insecure telecommunications. This includes insecure 2-step verification, so-called "two-factor authentication" that authenticates via SMS text messages, and other topics like low-budget IMSI catchers (stingrays) and the gaping hole in SS7. There are also good summaries of the history of telecommunications protocols/standards, from 1G analog to 2G digital to 3G packet-switching to 4G jargon like "orthogonal frequency division..." and "higher-order 'quadrature amplitude modulation'." These articles were my favorites.
HowStuffWorks: How Cell Phones Work
https://electronics.howstuffworks.com/cell-phone.htm
BREAKING GSM WITH A $15 PHONE... PLUS SMARTS (Jon Borland, 2010)
https://www.wired.com/2010/12/breaki...e-plus-smarts/
HACKERS SPOOF CELL PHONE TOWER TO INTERCEPT CALLS (Kim Zetter, 2010)
https://www.wired.com/2010/07/interc...l-phone-calls/
SO HEY YOU SHOULD STOP USING TEXTS FOR TWO-FACTOR AUTHENTICATION (Andy Greenberg, 2016)
https://www.wired.com/2016/06/hey-st...uthentication/
THE CRITICAL HOLE AT THE HEART OF OUR CELL PHONE NETWORKS (Kim Zetter, 2016)
https://www.wired.com/2016/04/the-cr...nfrastructure/
Alternatives are many, including Authy, U2F security keys, and various YubiKeys, and yet I hope to hold onto my SMS-only Yahoo email address. The subject of SS7 is still over my head, but the articles from 2010 importantly reveal two things about GSM transmissions: they can be decrypted, eavesdropped, and imitated; the imitation transmissions are used to match the physical device to its network ID number; and, with a few thousand dollars, a fake cell tower is possible.
However, these weaknesses were in GSM, a 2G standard. With 3G underway, recent devices typically use UMTS, which uses W-CDMA and is based on GSM, or CDMA2000, which was designed for backward compatibility with CDMAOne (IS-95). Indeed, my cheap LG Cosmos supports CDMA2000. However, smoothing the transition into 3G (IMT-2000), CDMA2000 and CDMAOne can operate on the same frequency, and CDMA2000 is backward compatible. Vulnerabilities must be known, but I only found a pair of pay-gated IEEE publications on the similar vulnerabilities of CDMA2000 and UMTS.
I worry that my investigation into cellular vulnerabilities is reaching a dead end before any practical advice, and SS7 remains even more opaque. I am ready to learn whatever I can from the ubuntuforums community.