Man in the Middle

Cyber security has been a hot topic lately. It started with the ‘WannaCry virus’ infecting thousands of computers around the world. Then came the discovery of a spambot database containing the information of 700,000,000 email accounts, the largest ever, and to top it off, Equifax has been hacked, putting over 143,000,000 people’s personal information, including social security numbers, at risk. Most of the population haven’t been too bothered by these attacks as they haven’t been ‘personal’. Many of the WannaCry victims were large corporations with cumbersome, out-of-date Windows 7 systems, and both the email spambot and Equifax attacks involved such large numbers of victims that it is difficult to take them personally. Personally, I had one of my email addresses compromised and I can’t say that I felt shocked or even worried. This led me to ask the question: what would it take to make it feel personal?

The obvious answer would be to lose some money in one way or another, and that is exactly what happened in January 2017 to a selection of unfortunate German O2 customers. The victims had their bank accounts emptied after hackers exploited flaws in the SS7 protocol. SS7, or ‘Signalling System 7’, is the protocol used by mobile telephone networks to communicate with each other. The theft involved a phishing scam by which the hackers collected information about the victims and then used a flaw in SS7 to redirect authentication codes from the bank to their own devices. Once in possession of the codes, they were able to set up bank transfers and empty the accounts.

This event shows just how vulnerable we are to the infrastructure we use to communicate. It is not difficult to imagine all the extremely personal and private information that is transferred through communication networks every day. It is much easier for a hacker to lie in wait and collect information being transmitted through open networks than to use brute force to take it from a device. Keeping up-to-date is critical for the security of a network, and the recent data breaches have shown that many big firms cannot be trusted, meaning that we need to take our privacy and security into our own hands. A solution to the flaws of our networks is to add an additional layer of security and use end-to-end encryption. Thankfully, many services such as WhatsApp already use this type of encryption. A WikiLeaks release from earlier in the year revealed even the NSA are currently unable to break the encryption of these services while in transit. They can, of course, still read your messages if they gain access to the physical device, but that is another security issue altogether.

As with any security measure, it is a game of cat and mouse, always trying to stay one step ahead. Encryption will improve and so too will the tools used to break it; one day our current methods will be out of date and we will have to upgrade. The cost of upgrading may be painful, but when you realise SS7 was designed back in the 1980s and our money and identities are at stake, it seems crazy not to upgrade. The properties of quantum mechanics in quantum cryptography offer an opportunity for secure future communications. However, I am sure that one day, that too will be hacked. Until then we must make do with what we have. Stay secure, stay safe.

(I recommend checking if your accounts have been compromised at www.haveibeenpwned.com.)

Author: Christopher Braithwaite

The founder of TMTalks, Christopher, is based in the United Kingdom and writes for the site in his free time. Particular areas of interest include Space, energy, cyber security and block-chain technology.
