Thursday, February 14, 2019

Google's 2FA is nonsense

Messenger, Instagram and Google are prone to SS7, FinFisher and Pegasus intrusions! The 2FA on these applications is just nonsense!!!!
Gmail, like Facebook and Instagram, is not a safe means of messaging. If you would not like your calls to be listened to, your messages to be read by an intruder, or your bank account to be drained by a fraudster if you use mobile banking, then you must pay attention to this. With the recent arrival of FinFisher, Pegasus and the SS7 exploit in the region, the emails we send over our mailing services are not safely delivered. Worst of all, social media like Instagram and Facebook Messenger aren't safe!! SS7, developed in the mid-70s, is a protocol that enables phone networks to exchange the information needed to pass calls and text messages between networks and to ensure correct billing among the networks.
The recent emergence of the SS7 flaw has left many telecom companies wondering how to prevent intrusion into the data transfer. Executing the SS7 exploit is very simple and fast, with a lot of effects on the privacy of customers on a given telephone network. It only needs one to have and understand the Linux OS and the SS7 SDK, plus know the victim's IMSI. With this it is easy to monitor the victim's location, listen to their calls, divert their calls, read their messages or divert them to certain numbers. Everyone using a phone and a SIM card is liable to this attack, even the hacker himself. As I have recently been writing, the people in Africa may unknowingly have been subjected to this form of spying, either by their governments or by independent hackers. Everyone using a mobile phone to access internet services like email and social media platforms like Google Plus, Blogger, Instagram, Gmail, Yahoo, Hotmail etc. is believed to have had their messaging and calls intercepted or listened to. This is more profound in countries that do not offer freedom and rights to privacy. Starting from around October 2017, I came to discover that the 2FA authentication on Instagram, Facebook and Google was just toothless and nonsense. I learnt that a certain group of people in Uganda had been monitoring users of social media platforms and monitoring specified mobile phone numbers!!!
They seemingly had diverted calls and messages of such phones to a group of mobile phone numbers, or they were constantly monitoring the activities of some people on social media. Their phone numbers could relay 2FA messages of reset codes to phone numbers which the victims used on Gmail accounts, Instagram accounts and Facebook accounts!! When I tested it on Gmail, I discovered that they would even be able to set up phishing pages, because if one revoked the devices on which the account may be logged in and tried to re-login, the reset message would be sent by Google itself, but after one logged out again, like in two hours, the same numbers would again be the ones to send the message. On Facebook it was really shocking: as we all know, a reset code is supposed to last only a limited, short time before it is used, yet I had two scenarios where the same reset code sent by these numbers could be used even after 12 hours!!!
It's shocking to many of you, but what I ask myself is: "Who are the owners of these numbers?" Do telecom companies in Uganda know the owners?? Could the telecom employees be involved? Do MTN, Airtel, Orang.. know of this form of spying?? Are Ugandans aware?
I have seen many Ugandans think that using VPNs is safe, but with this SS7 exploit everyone, even the hacker, is prone to this attack. If the government can use this for surveillance, then all the mobile phone users in the country can be monitored!!
Many Ugandans have resorted to cryptocurrencies, mobile phone banking, mobile marketing and the widely used mobile money. This SS7 exploit exposes you to danger and you ought to be extra cautious when carrying on your activities. I am not scaring anyone or blemishing any of the telecommunications companies, but this attack is real, very dangerous and hard to overcome!! It's even worse here in Uganda because of a lot of ambiguity in SIM card registration; many fraudsters may be using phone numbers that are not registered in their own names. Can you imagine that some phone numbers have different names on IMSI registration and mobile money registration!!!! I think the whole process of registration must be repeated. Otherwise it's all trash!!!!!!
I urge those who think their phone numbers are targeted to use other services like:
- WhatsApp messaging and calling
- Apple's iMessage
For calls start using:
- WhatsApp permit calls
- the open source Signal application
- Silent Circle end-to-end encrypted phone services
For location monitoring, the only thing you can do is turn off your phone or use Wi-Fi.

The above numbers sent Google 2FA codes, and the others in the picture below sent to Facebook.... Does Google
