Discussion:
[whispersystems] Question about MitM over SS7
Manuel Wildauer
2016-06-09 08:19:17 UTC
Permalink
hi :)

I read a article about whatsapp and telegram [1][2]. The article
explained how a MitM Attack works over the SS7-Net.
Is a MitM Attack also possible with Signal?

[1] http://www.watson.ch/!309308041
[2]
http://translate.google.com/translate?hl=&sl=de&tl=en&u=watson.ch%2F!309308041
Finn Herzfeld
2016-06-10 02:10:06 UTC
Permalink
Giovanni Testa
2016-06-10 12:46:50 UTC
Permalink
Hello Finn,

please excuse my ignorance. How do I verify my fingerprints?

Do I have to note my fingerprint down as it shows in Signal's settigns
and regularly check if it's still the same?

Thanks,
G.
Signal doesn't communicate over SMS or SS7 except for the initial number verification. All further communication is over HTTPS to the signal server, and of course the messages are encrypted end to end. In theory an attacker could abuse SS7 to steal a confirmation code and get all future Signal messages from your phone, but the person sending them would have to manually trust the new fingerprint. So just verify your fingerprints and you'll be fine. And of course don't trust new fingerprints that randomly show up.
Finn Herzfeld
hi :)
I read a article about whatsapp and telegram [1][2]. The article explained how a MitM Attack works over the SS7-Net.
Is a MitM Attack also possible with Signal?
[1] http://www.watson.ch/!309308041
[2] http://translate.google.com/translate?hl=&sl=de&tl=en&u=watson.ch%2F!309308041
Finn Herzfeld
2016-06-10 14:59:11 UTC
Permalink
Loading...