0

After watching a video course about SS7 attacks and remote control flaws through WiFi adapters of smartphones, a question comes to my mind:

If an adversary can intercept your SS7 traffic and relate it to his own internet, he can obviously automatically inject malicious code into the flow of traffic, isn't that right?

Therefore, some apps may contain malware even if installed from the Play Store, isn't that right?

I am talking about the case of someone who's using cellular data to connect, not only the apps, even the whole phone update can be compromised, or not?

Improve this question
5
  • "he can obviously automatically inject malicious code in the flow of traffic" This is a broad assumption. Also, SS7 is not used in 4G network. It is used for signalling in 2G & 3G circuit based networks.
    – defalt
    Commented Feb 18, 2023 at 20:28
  • @defalt By saying a broad assumption do you mean it's not possible to inject malicious packages to 3g network that have been intercepted by a fake tower.
    – takamichi
    Commented Feb 18, 2023 at 20:40
  • If I understood correctly, the issue is more about if there's a vulnerability for the phone to process malicious code (regardless of SS7) because apps are generally sandboxed to prevent such security issues.
    – Andrew T.
    Commented Feb 19, 2023 at 4:10
  • With new features coming up at every update you can't believe really that apps are sandboxed, but am talking also about the system update, it can be tampered and the process of verifying this update too.
    – takamichi
    Commented Feb 19, 2023 at 6:38
  • "do you mean it's not possible to inject malicious packages to 3g" Not in the way you assumed that it can tamper with apps and OTA updates.
    – defalt
    Commented Feb 19, 2023 at 9:08

1 Answer 1

Reset to default
0

Generally modern phone operating systems such as iOS and Android use TLS to communicate with the mothership. Thus, an attacker will both have to be able to inject traffic at will and present valid certificates. This is a tall order.

Furthermore, I can't see how SS7 is relevant here? That is not a dynamic routing protocol for IP traffic...

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .