This is a must-watch video IMO. I was aware of some of these issues with SS7, but that they are demonstrable in the real world by a YouTuber is astounding to me.
I just saw this and I am about to show it to the spouse. The key takeaway is to use an E2EE messaging/calling service like Signal (and sadly they recommended WhatsApp as well).
The case study the cybersecurity experts and Veritasium presented here is that an abused Emirati (from UAE) princess tried to escape by boat but the father tried to track her and traced her via the Captain’s phone via SS7 and recaptured the princess.
I am also a bit confused about this, but I do think this aspect was staged. They mentioned there are some ways to obtain the IMSI required to perform this attack with only the victim’s phone number, but I think this depends on the carrier.
My understanding is that some carriers leak IMSI, like you can use SS7 to ask for the IMSI with just the phone number, but other (maybe most or all nowadays?) carriers block it.
In other cases it may require social engineering the carrier or using an IMSI catcher device (which would actually capture the TMSI over the air, but you can use SS7 to get the IMSI from the TMSI).
I thought IMEI numbers are on the phones and IMSI are on the SIM cards? Both are different unique identifiers that cellular providers should have access to.
That’s why I never used or disclosed a phone number of the SIM card in my phone, and I have my phone set to LTE only, so I only use it for internet access.
I am not sure whether using only LTE or VoWiFi would ensure no SS7 attacks.
In the video they mentioned that communication between 2 carriers could still be using SS7 technology, so you may be using LTE to connect to your ISP, but the communication might use the old network at some point.
I think the best would be to use any E2EE solution like Signal or WhatsApp and encourage family and friends to use that.
If I own a regular phone number with a VoIP provider, and I connect to this provider using encrypted SIP, that end of the connection would not be affected by SS7 control plane hacking. It can still be vulnerable, but by other means.
However, what about exchange between telephony providers? They still use SS7 to discover and connect to each other. Isn’t this vulnerable too?
I think they gave him the phone? I watch LTT and I know that he was planning on trying out the new iPhone, because his Fold died and for the time being he was using his previous Samsung S8 phone. So, they most likely just gave that phone to him or something like that.
My interpretation is that it depends on the SS7 server of the carrier the attacker connects to to get the information rather than the carrier of the victim. Given the apparent multitude of SS7 providers that exist, the attacker only needs to know of one that suits their needs.
So the most that the SS7 system would know is the apparent IP address for the VoWiFi end point. And that can be obscured by using a VPN to a location of your choice.
That probably is enough to keep your location hidden from the attacker. It does nothing to mitigate the fact they can monitor or redirect any of your traffic. For that an end-to-end encrypted IP only system like Signal would be needed.