3

Hackers are able to steal 2FA SMS messages by exploiting SS7. As far as my understanding goes, this means gaining access to the SS7 system and then broadcasting a message akin to "This number is roaming on my network, send me all their SMS messages!"

Would this work for a Google Voice number? If my understanding above is correct, Google knows it'll be sending the SMS to the Google Voice app and not to some other network, so I would guess it might be immune to SS7 exploitation. Or does the hacker only need to say the number is roaming to whoever is generating the SMS message?

I'm aware of the other downsides to using Google Voice as a second factor for 2FA, and am mitigating them by using an alternate Google account for which I have a strong, separate password that I only ever enter when logging into the app on my mobile device, and nowhere else, ever. I trust Google's security a hell of a lot more than the TelCo's. This way customer service won't give out my info or re-route the number just because someone knows my mother's name. I personally view keylogger attacks as unlikely on an non-jailbroken iPhone, and I hope I might be at least a bit more protected from atrocious SS7 holes.

Please don't respond to this telling me to use Google Authenticator or a hardware key - This is not in the scope of my question and I already do so where possible.

Improve this question
7
  • You appear to have gotten your answer here (outside of SE). If you summarize the results of that in an answer to yourself here, you can accept that answer and leave it as a useful answer for others.
    – Royce Williams
    Commented May 25, 2019 at 16:46
  • Honestly I think that's just a generic answer the Google rep gave me "Google Voice is no more or less secure than SMS". Specifically for the case I mentioned, can incoming SMS to Google Voice be redirected, after reading the document the Google rep posted, my hunch is "no" for the reasons described in that thread, but I couldn't get a straight answer. I'm not an expert on this in any way, I've just done a days worth of internet research, so I'm not comfortable putting that as an answer
    – Mohamed Hafez
    Commented May 25, 2019 at 21:20
  • The answer they gave you is complete and specific. For SMS-to-SMS transmission to work, any SMS must eventually dump out into the same SS7 network shared by all SMS sources and destinations, so the routing hijack attack vector applies. If it's SMS, it's vulnerable in this way - whether provided by Google Voice or anyone else.
    – Royce Williams
    Commented May 25, 2019 at 21:28
  • Maybe you're asking whether an SMS sent both from a Google Voice number, and to a Google Voice number, might simply skip SS7 entirely? That's the only use case I can think of that might track to what you have in mind.
    – Royce Williams
    Commented May 25, 2019 at 22:58
  • So if you read how about how the re-routing attack works in the document from that thread, and also this doc, it seems like the rerouting attack depends on an attacker telling the Google Voice HLR "hey, this number is roaming on my network, forward me their SMS". A carrier that gives out real SIM cards might have to honor that request, but Google knows their numbers don't roam, I doubt they would honor that request
    – Mohamed Hafez
    Commented May 25, 2019 at 23:25

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .