Don’t look up

D

dada_dave

Elite Member
Joined
Oct 25, 2022
Posts
3,758

Vinoth (Mobile security) (@vinoth@infosec.exchange)

This is insane! A few researchers from UCSD and UMCP scanned bunch of satellite links, found much of the traffic is not encrypted, and went on to decode them. It's amazing what came out. - T-Mobile backhaul: Users' SMS, voice call contents and internet traffic content in plain text. - AT&T...
infosec.exchange infosec.exchange

Why worry about quantum cryptography when everyone is sending all this shit unencrypted anyway? (Yes for the all stuff we aren’t but Jesus)
 
dada_dave said:

Vinoth (Mobile security) (@vinoth@infosec.exchange)

This is insane! A few researchers from UCSD and UMCP scanned bunch of satellite links, found much of the traffic is not encrypted, and went on to decode them. It's amazing what came out. - T-Mobile backhaul: Users' SMS, voice call contents and internet traffic content in plain text. - AT&T...
infosec.exchange infosec.exchange

Why worry about quantum cryptography when everyone is sending all this shit unencrypted anyway? (Yes for the all stuff we aren’t but Jesus)
Click to expand...
I never trusted sms, phone calls or emails. There’s millions of ways to intercept and alter it. And you should always assume http to be untrusted. Never expected my dns over mobile to be secure. Anything where there’s not an explicit point to point encryption stage has never been trustworthy. Frankly also goes for your home net. I almost feel it’s fine this traffic is plainly encoded. It’s outside of the threat model. It would be nice to be more secure but should never be relied upon anyway.

iMessage, signal, FaceTime, https is encrypted regardless. People monitoring the traffic can see you connect to the servers but not the packet contents
 
casperes1996 said:
I never trusted sms, phone calls or emails. There’s millions of ways to intercept and alter it. And you should always assume http to be untrusted. Never expected my dns over mobile to be secure. Anything where there’s not an explicit point to point encryption stage has never been trustworthy. Frankly also goes for your home net. I almost feel it’s fine this traffic is plainly encoded. It’s outside of the threat model. It would be nice to be more secure but should never be relied upon anyway.

iMessage, signal, FaceTime, https is encrypted regardless. People monitoring the traffic can see you connect to the servers but not the packet contents
Click to expand...
Their survey found sensitive government and corporate data though. Yeah the personal stuff is not great, but they found data that really, really should be encrypted and isn’t being so.
 
dada_dave said:
Their survey found sensitive government and corporate data though. Yeah the personal stuff is not great, but they found data that really, really should be encrypted and isn’t being so.
Click to expand...
Absolutely. But I think the blame for that lies with the people sending such data through unsecured channels. Not as much with the channel. In this case at least.
 
Agreed. It should be common knowledge that cell networks are akin to shouting into a crowd and just hoping someone can't pick apart the different conversations. SMS has been known to be insecure nearly as long as I've had a cell phone with the feature.

But this does explain why China targeted cellular infrastructure if so much sensitive data is passing through these networks via SMS or other unsecure channels.
 

Similar threads

Huntn
A Disturbing Event
Replies
7
Views
286
Alli
Alli
A
Trying out a Lenovo Slim 7x (Snapdragon X Elite, OLED, etc)
Replies
13
Views
681
DT
DT
Colstan
Google to Android users: Don't pick up the phone!
Replies
0
Views
282
Colstan
Colstan
fooferdoggie
London's Vagina Museum to upgrade premises from thong to granny knickers after successful fundraising drive
Replies
2
Views
370
Yoused
Yoused
Chew Toy McCoy
General I don’t get in and out of network insurance coverage
Replies
12
Views
1K
AG_PhamD
A
Back
Top