A very intriguing video about vulnerabilities in mobile communication.
In brief, the gist is this: due to the expansion of the network of cellular operators, control over who enters “the club” has been lost, and it’s fairly easy to gain unauthorized access to the SS7 network, through which mobile connections are managed. From there, one can do anything: intercept calls and SMS, record calls without the caller’s knowledge, and even track locations — in cities, it’s incredibly accurate. Access to the network simply costs money. And, of course, one must know what to do and how—it’s just knowledge, albeit rare.
A notable example is the case with Princess Latifa from Dubai, who was captured after an attack via SS7 allowed the location of her yacht captain’s phone to be pinpointed.
A live attack is demonstrated, in which a hacker intercepted a phone call intended for someone else. This was done by deceiving the network into thinking that the victim’s phone was in roaming, which allowed the hacker to redirect the call.
In the discussion, it is emphasized that, although newer protocols introduced with 5G are more secure, the transition to them is slow due to network effects: all operators need to switch at the same time to fully benefit from the advantages.
Conclusion: SMS is evil. Use authenticator apps or hardware tokens for two-factor authentication. Or, just don’t stick out so much that someone would not mind spending a few thousand dollars to hack specifically you.
Links in the comments.
Hi, I'm Rauf Aliev. 