Digitalization is rapidly reaching the most important spheres of social life, from receiving social services and obtaining a loan to exchanging an apartment or buying a car. It is now difficult to imagine life without the state services portal, mobile banking or online shopping. Such services have become possible thanks to digital identification technologies, high-speed mobile communications, the centralization of government databases and, of course, the modernization of the regulatory and legal framework. But like other technologies, they are not free of critical vulnerabilities, and the security and safety of the future digital society depends on eliminating them as early as possible.
Unlike classic vulnerabilities such as Heartbleed or Meltdown, which can be fixed by correcting the software code or updating the firmware of the hardware chip, vulnerabilities in digital services lie at the intersection of infrastructure technologies, commercial software products, government digital platforms and regulations. Identifying and eliminating them is therefore a much more complex process that depends on the initiative and goodwill of all stakeholders.
Let's consider some of the vulnerabilities that can cause direct material damage to ordinary citizens, from the loss of money and property to the theft of an identity and biometric profile.
The following are real scenarios and threats collected from open sources (including Habr); very little is known about effective measures to eliminate them.
Disclaimer 1 - Material Sources
This article is not original research; it is a compilation of information from open sources that is of particular interest in the context of the mass adoption of digital services.
Disclaimer 2 - Correctness of information security terms and wording
Terms such as "issue an EDS" and "attack vector", or the relationship between the SS7 protocol and modern GSM networks, may be interpreted somewhat loosely here, provided that the general essence of the described phenomena is preserved.
Disclaimer 3 - No hate and anti-advertising
- , . .
1.
. 1976 “ ”, . 2011 . 63 “ ”, , , .
- , , , (. " - " ). , , , , ..
, - , .
, – , , .. , . , , .
. , , .
, , . , 500 .
2.
SIM- - SIM-, ( - , - .), (, , - ).
SIM- , . , , , – , .
- , - .
, GSM-c . GSM- SS7 (Signaling System 7), . - , . , – .
, 900 ( --, +7-900 - - ), ? , , ?
GSM- , SS7, . , . , .
3.
- – , (, , , , .) . . .
, , , .
, , . , - . , , , - (, , .).
, , - , .
( ) . -, ( , -, .)
, , . .. , , , -.
, ( Terms of Service - Didn't Read), , -. "Your biometric data is collected" .
Hackers Say They've Broken Face ID a Week After iPhone X Release
, , .
, .
, - , . , 1 2021 63- “ ”, ( , 7 . . 1 . , .). 2020 , .
, , , , . , - , . (%_%, ?)
!