Outdated Network Tech in Chinese State-Owned Telecom Providers Put Global Data at Risk
A recent report by mobile threat mitigation company iVerify has sparked concerns about the security of global data transmitted through Chinese state-owned telecom providers. The report alleges that these providers' use of outdated and unencrypted network protocols poses a significant risk to mobile data, potentially allowing hacking groups to access sensitive information as it passes from country to country.
The companies in question are among the most dominant mobile traffic interconnect providers globally, with China Mobile, China Telecom, China Unicom, CITIC Telecom, and PCCW Global Hong Kong being among those listed. These networks play a crucial role in routing traffic between different mobile networks, making it essential to understand how they operate.
A mobile interconnect provider is essentially a service that allows multiple mobile networks to communicate with each other. For example, if you have a Verizon account and want to send or receive data from someone using an AT&T or Orange account, the traffic must be routed across different networks to reach its destination. Interconnect providers use sophisticated routing and control software to make this happen.
However, some of these providers, including those mentioned above, employ outdated and unsafe network signaling protocols such as SS7 and Diameter. These protocols have been exploited in real-world examples, allowing hackers to access sensitive information, including authentication data, SMS messages, location updates, and internet traffic.
The report highlights how this makes it "trivial" for Chinese government-sponsored hacking groups to operate, but notes that there is currently no concrete evidence to support these claims. Furthermore, the fact that attackers can gain access from anywhere in the world adds an extra layer of complexity to this issue.
What Does This Mean for You?
The implications of this report are significant, and it's essential to understand what they mean for individuals like you. The report advises that when sending data to someone, using end-to-end encryption is crucial to protect your information from potential hacking groups.
This may seem daunting, but the reality is that encrypting all communication can be a simple step towards ensuring your data remains secure. This means securing your messages, bank data, and even SMS 2FA codes. While it's true that encrypting everything might limit access to certain information, it's a necessary precaution in today's digital landscape.
Ultimately, the responsibility for this issue lies with the providers themselves. It's up to them to address these concerns and update their protocols to ensure the security of global data transmission.
The Future of Data Security
The situation highlighted by this report serves as a stark reminder of the importance of maintaining strong data security measures. As individuals, we can only do so much, but being aware of the risks is essential in taking steps to protect ourselves and our information.
It's also worth noting that some countries, like the United States, have taken steps to limit the use of these vulnerable providers by excluding them from trusted networks under the Secure Networks Act. However, this does not guarantee the security of all data transmitted through these channels.
The report's findings underscore the need for continued vigilance and cooperation among governments, security experts, and individuals to address the growing threat of hacking groups exploiting outdated network protocols.