Issue 777088 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Oct 2017
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Security: Solution to the ss7 vulnerability.

Reported by shriv...@gmail.com, Oct 21 2017

Issue description

All Google accounts are vulnerable to the ss7 protocol attack.
Instead of sending the verification code to the mobile number using SMS g,Google can send it through Whatsapp (or any other trusted  end to end encrypted messaging app).

Comment 1 by elawrence@chromium.org, Oct 21 2017

Status: WontFix (was: Unconfirmed)

Thanks for the note. The Chrome Security team does not handle issues in other Google products and services.

You can submit your suggestion via the general Google Vulnerability Rewards program: https://www.google.com/about/appsecurity/reward-program/ but I'm completely confident that everyone there is well aware of attacks against SMS and the tradeoffs of alternative approaches. Users with especially sensitive accounts have new options available to them to deter advanced attacks: https://www.wired.com/story/google-advanced-protection-locks-down-accounts/

Project Member

Comment 2 by sheriffbot@chromium.org, Jan 27 2018

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 777088 link

Issue metadata

Security: Solution to the ss7 vulnerability.

Issue description

Comment 1 by elawrence@chromium.org, Oct 21 2017

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Jan 27 2018

Comment 2 Deleted

Sign in to add a comment