Insights For Success

Strategy, Innovation, Leadership and Security

mobile

Your phone calls and SMS messages aren't secure

GeneralEdward Kiledjian

Image by Matthew Hurst used under Creative Commons License

In the above 2015 presentation, security researchers broke the secrecy around a protocol called SS7 and explained how a technically proficient user can "break it" and easily compromise your mobile phone call data and text messages. Seeing an opportunity, 60 minutes produced a popular segment  that scared viewers and I still receive emails from readers asking if this is "a real thing".

Let's take a look at this together.

What is SS7?

SS7 is short for Signalling System 7 and is a carrier interconnect technology that allows one mobile carrier to connect to another and send calls and SMS to each other. It allows allows you to roam on another carrier's network when travelling. It is an old (1975) technology developed before the world went security crazy and thus is has much more basic security built in.

What can hacker access?

A skilled hacker can use SS7 to gain a huge amount of insight into the victims use of a mobile device. It will allow him (masculine being used for simplicity) to listen in on phone calls, forward phone calls, collect call metadata, ability to intercept SMS messages and ability to track the phone. 

Think of all sites using SMS as a second factor authentication tool. Any bank, social network or other site using SMS to authenticate users are jeopardizing your security. Always choose another authentication option (other than SMS).

No one would be surprised if a government performed these types of tracking activities but SS7 makes it possible for anyone to do this.

Am I vulnerable to the SS7 hack?

Anyone using a smartphone (anywhere in the world) is vulnerable to the SS7 hack when using traditional mobile phone service (phone calls, SMS messages, etc), 

How can I protect myself from the SS7 hack?

If you don't use traditional mobile phone services, your information can't be hacked with SS7. The only way to protect yourself is to use alternatives (which in most cases are better anyway).

As an example, instead of sensing plain SMS messages, you an encrypted messaging service like WhatsApp, Apple Messages, Google Hangouts/Allo, or any other encrypted messenger. To be clear, each of these has its own security issues which can lead to compromise but they are immune to the SS7 attack. 

What about phone calls you ask? Many of the above text messaging alternatives also provide voice calling services which would also be immune to SS7 hacking because they use an encrypted data channel instead of the traditional mobile phone voice system. My favorite encrypted calling app is still Signal (which was even endorsed by Edward Snowden).

Preventing phone location tracking is more complicated. Anytime your phone is on, a network operator can track your location using triangulation. The only option here is to turn it off and maybe even store it in a Faraday cage bag (like the ShieldSak which I will review). A less abrupt technique (good but not perfect) is to turn off connectivity to the mobile network and only use WIFI.

Videotron adds 38000 subscribers and increases ARPU

technologyEdward Kiledjian
Image by thskyt used under Creative Commons License

Image by thskyt used under Creative Commons License

Quebec's Videotron has become a very fierce competitor in the Quebec wireless services market. The end of September ended another great quarter with more subscribers and higher ARPU (Average Revenue per subscriber),

38000 new subscribers call Videotron wireless home (bringing the annual total to more than 111000). ARPU increased 6.5% year over year. 

the success of our new value-added plans, featuring higher data caps at impressive speeds, as well as our optimal selection of mobile devices.
— Videotron

Videotron's newly deployed LTE network (touches 90% of Quebecers) has been a huge success and is delivering speeds of up to 150Mbps. The analyst call also referred to discussions with Wind Mobile. I think a purchase of Wind by Videotron would be a fantastic move for the company and for consumers. 

Videotron won spectrum in the 700Mhz auction in Quebec, Ontario, Alberta and BC. Let's see if growth ambitions push Videotron to compete ocean to ocean.

Videotron report (Link)

8 tips for successful video conferencing

technologyEdward Kiledjian
Creative Commons - Flickr user Timo Newton

Creative Commons - Flickr user Timo Newton

As little as 2 years ago, video conferencing was reserved for the most technically savvy amongst us. with the introduction of Apple's Facetime and Google Hangouts, millions have started enjoying it for work and pleasure. Videoconferencing is easy but that doesn't mean everyone is doing it right. Here are tips to help you video conference like a champ.

  1. Good Lighting - Just life traditional photography, lighting is one of the most important factors to consider. If you have too little light, your webcam will digitally boost the ISO making the image look ugly and grainy. If you have the wrong kind of light, you will look overly pink or blue. You don't have to spend a lot of money to get good lighting. You should be able to pickup a handful of LED lights that you can place around you to create a soft and well balanced light. Try to avoid harsh spot lighting and direct sunlight. Also make sure you don't have any bright light behind you as that may trick the camera and underexpose you.
  2. Good Camera - The better the camera the better the experience. Look for a camera that offers full HD support and reliable focusing. My favorite brand is Logitech so anything there should work just fine.
  3. Good Microphone - 90% of all home and business videoconferencing users never even think about adding a good quality microphone to the mix but it makes a difference. The higher end webcams have decent microphones but anything that is built into a smartphone or laptop should be considered sub-par. If possible, add an external microphone that is closer to your speak organ (aka your mouth ). A good setup is to use a headset for sound when videoconferencing.
  4. Frame the shot - I recommend starting the video chat software ahead of time and determine what is showing. If your face properly framed? Are there distracting objects showing in the scene (background, overhead, etc?) It's a good opportunity to make sure your lighting is good and that your video camera is configured optimally. Assume you may need to move when the video-conference is live and dress appropriately (aka don't wear Bermuda shorts when on a business video-conference)
  5. My eyes are up here - The biggest mistake people make is looking in the wrong place. If you are watching your participants on your screen, you are not looking at them in their eyes. If possible, stare at the webcam.
  6. Good networking - Spend the money and buy a reliably good router. I recommend the Asus branded WIFI routers. A bad router could cause huge videoconferencing issues.
  7. Use Quality of Service - You should enable the QOS feature on your router to prioritize your videoconferencing traffic.
  8. Mute - Make sure you have a way to quickly mute sound. It's good to mute when you not talking or quickly mute if you have to cough.

 

CRTC Wireless Code : Carriers must unlock your smarpthone

technologyEdward Kiledjian

The CRTC Wireless Code is a bill of consumer rights that aims to make smartphone contracts more fair and understandable to the average Canadian users.

One of the obligations brought forth by this new code is the obligation to unlock a smartphone at the user's request per these conditions:

  1. A service provider that provides a locked device to the customer as part of a contract must 
  • for subsidized devices: unlock the device, or give the customer the means to unlock the device, upon request, at the rate specified by the service provider, no later than 90 calendar days after the contract start date.
  • for unsubsidized devices: unlock the device, or give the customer the means to unlock the device, at the rate specified by the service provider, upon request.

Link to the CRTC Wireless Code. Most Canadian carriers have already started to implement the unlock option. 

CRTC Wireless Code : $100 Cap on data roaming charges

technologyEdward Kiledjian

We hear horror stories of Canadians travelling abroad and coming back with $5000 mobile phone bills. We can certainly sit here and laugh at those people (who should know better), but this is a bigger problem than most people realize. 

This is why I am so excited that the CRTC Wireless Code to protect consumers. For this specific issue, here are the new controls your carrier will have to implement: 

  • A service provider must suspend national and international data roaming charges once they reach $100 within a single monthly billing cycle, unless the customer expressly consents to pay additional charges.
  • A service provider must provide this cap at no charge.
This protection comes into effect later this year.
Link to the CRTC Wireless Code.