Re: [opensuse] Fax vulnerability
On 08/16/2018 06:21 PM, James Knott wrote:
> On 08/16/2018 12:08 PM, Anton Aylward wrote:
>> Fax is about as secure as a land line.
>>
>> My GP won't notify me about results, appointments or anything by e-mail, they
>> consider email to be 'insecure'.
>> But I can go to the basement of their building, the parking ports, and look at
>> the wiring and clip a recorder on there. FAX is not secure.
> I get the same thing.  In fact, I had the same discussion with my doctor
> recently.  People who have little knowledge of telecom and IT have no
> idea how insecure it is.  I have worked in telecom and other areas of IT
> for decades.  I know how easy it is to tap onto a phone line (I was
> doing that as a teenager) and I can also spoof phone numbers (it's
> common practice for businesses to display the main number on call
> displays), if I get my hands on the equipment.  There are lots of fax
> modems kicking around that could easily be modified to intercept faxes.
> Also, many years ago, shortly after I got my first fax modem, I faxed
> myself a document that had nothing but my signature on it.  I did that
> so I could cut 'n paste my signature on documents where they wanted a
> signature.  There was nothing to stop me from doing the same with
> someone else's signature.

From your perspective, you're correct.... Fax isn't secure.

From others (the courts for example) Fax IS secure and is accepted/demanded as
a legal document.  Email is not... and we all know for bloody good reason.

Now, having said all of that I'll address your comment about tapping onto the
line to make a copy of a fax transmission...

I worked in the telecom business for a fairly long time in central offices and switches.  Yes, you can record the audio tones, but a fax modem is a VERY fussy beast and that trick tends to not work.

Not saying you can't do it, it's just not as easy as TV and modern security
researchers would have you believe.

Nor is cracking the SS7 network.  Access is tightly controlled. One does not "just
get on" that network.

If you read the accounts of the researchers doing the security work on the SS7 network, way down at the bottom, you always see where they thank some network/access provider for allowing them onto the SS7 network so they can tell them how they run a crappy network.
