recentpopularlog in

pierredv : ss7   8

Newer Diameter Telephony Protocol Just As Vulnerable As SS7, Jul 2018
"Security researchers say the Diameter protocol used with today's 4G (LTE) telephony and data transfer standard is vulnerable to the same types of vulnerabilities as the older SS7 standard used with older telephony standards such as 3G, 2G, and earlier."

"The difference between these two is that while SS7 did not use any type of encryption for its authentication procedures, leading to the easy forgery of authentication and authorization messages, Diameter supports TLS/DTLS (for TCP or SCTP, respectively) or IPsec."

"4G operators often misconfigure Diameter"

"Researchers say that the Diameter misconfigurations they've spotted inside 4G networks are in many cases unique per each network but they usually repeat themselves to have them organized in five classes of attacks: (1) subscriber information disclosure, (2) network information disclosure, (3) subscriber traffic interception, (4) fraud, and (5) denial of service."
LTE  4G  cyber-spectrum  cybersecurity  Diameter  SS7 
21 days ago by pierredv
Why the US still won’t require SS7 fixes that could secure your phone | Ars Technica Apr 2019
"Yet decades later, SS7 and other components of the nation’s digital backbone remain flawed, leaving calls and texts vulnerable to interception and disruption. Instead of facing the challenges of our hyper-connected age, the FCC is stumbling, according to documents obtained by the Project On Government Oversight (POGO) and through extensive interviews with current and former agency employees. The agency is hampered by a lack of leadership on cybersecurity issues and a dearth of in-house technical expertise that all too often leaves it relying on security advice from the very companies it is supposed to oversee.
Captured

CSRIC is a prime example of this so-called “agency capture”—the group was set up to help supplement FCC expertise and craft meaningful rules for emerging technologies. But instead, the FCC’s reliance on security advice from industry representatives creates an inherent conflict of interest. The result is weakened regulation and enforcement that ultimately puts all Americans at risk, according to former agency staff."

"Emails from 2016 between working group members, obtained by POGO via a Freedom of Information Act request, show that the group dragged its feet on resolving SS7 security vulnerabilities despite urging from FCC officials to move quickly. The group also repeatedly ignored input from DHS technical experts.

The problem wasn’t figuring out a fix, however, according to David Simpson, a retired rear-admiral who led the FCC’s Public Safety and Homeland Security Bureau at the time. The group was quickly able to discern some best practices—primarily through using different filtering systems—that some major carriers had already deployed and that others could use to mitigate the risks associated with SS7."
SS7  telecoms  cybersecurity  ArsTechnica 
may 2019 by pierredv
[pdf] Next-generation networks, next-level cybersecurity problems - Positive Technologies
"In preparation for the brave new world of 5G and IoT, the last few years have seen operators make significant CapEx investments in their next-generation networks. However, despite spending billions upgrading from a protocol developed in the 70’s (ss7) to Diameter (4G and 5G), flaws exist that allow an attacker to carry out eavesdropping, tracking, fraud, theft, and worse."
networking  cybersecurity  cyber-spectrum  spectrum-vulnerability  SS7  Diameter  cellular  PositiveTechnologies 
march 2019 by pierredv
SS7 vulnerabilities and attack exposure report, 2018 - Positive Technologies
Via Dale

"This report reveals the results of SS7 security analysis. Signaling System 7 (SS7) is used for exchanging data between network devices in telecommunications networks. While this standard was being developed, only fixed-line operators had access to the SS7 network, so its security was not first on the priority list. Today the signaling network is not isolated, and this allows an intruder to exploit its flaws and intercept calls and SMSs, bypass billing, steal money from mobile accounts, or affect mobile network operability."

"Although new 4G networks use another signaling system, Diameter, SS7 security issues have not been forgotten, because mobile operators should ensure 2G and 3G support and interaction between networks of different generations. Moreover, research shows that Diameter is prone to the same threats. This protocol's vulnerabilities along with possible cross-protocol attacks that use Diameter and SS7 flaws will be outlined in the next report."

CONCLUSION

"The research has shown that the level of security of mobile communication networks is still low. The overwhelming majority of networks remain vulnerable, which allows criminals to intercept subscribers' voice calls and messages, perform fraudulent operations, and disrupt service availability for subscribers."
SS7  Diameter  spectrum-vulnerability  cyber-spectrum  cybersecurity  telecoms  2G  3G  4G  PositiveTechnologies 
march 2019 by pierredv
The Route of a Text Message – the scottbot irregular
"This is the third post in my full-stack dev (f-s d) series on the secret life of data. This installment is about a single text message: how it was typed, stored, sent, received, and displayed. I sprinkle in some history and context to break up the alphabet soup of protocols, but though the piece gets technical, it should all be easily understood."
code  infrastructure  security  cybersecurity  history  SS7 
january 2019 by pierredv
How spies can use your cellphone to find you – and eavesdrop on your calls and texts, too - The Washington Post, May 2018
"The letter [from the Department of Homeland Security to Sen. Ron Wyden (D-Ore.)], dated May 22 and obtained by The Washington Post, described surveillance systems that tap into a global messaging system that allows cellular customers to move from network to network as they travel. The decades-old messaging system, called SS7, has little security, allowing intelligence agencies and some criminal gangs to spy on unwitting targets — based on nothing more than their cellphone numbers."

"Researchers say that SS7 tracking systems around the world now create millions of “malicious queries” — meaning messages seeking unauthorized access to user information — each month."

"Firewalls installed by carriers in recent years block many of the malicious queries, but many others are successful in eliciting unauthorized information from cellular carriers worldwide."

"Criminals last year used SS7 to intercept security codes that a bank texted to its customers in Germany, allowing the criminals to steal money from accounts, according to news reports."

"Carriers worldwide have gradually added better security, but SS7 does not have any way to verify that carriers sending data requests are who they claim to be. The firewalls increasingly installed by carriers, meanwhile, protect their own customers but typically not people who are roaming on the network, said Engel, the German researcher who first reported the security and privacy risks of SS7."

"DHS, which declined to comment for this article, issued a report on SS7 cellphone security in April 2017 that noted the risk to federal personnel"

"The DHS report recommended that carriers adopt new protections. An FCC group, the Communications Security, Reliability and Interoperabilty Council, issued recommendations for improving SS7 security in March 2017 that U.S. carriers have largely adopted

CSRIC recos, see https://api.ctia.org/docs/default-source/default-document-library/ss7-statement-2017-final.pdf

FCC, Communications Security, Reliability and Interoperability Council,
WORKING GROUP 10: Legacy Systems Risk Reductions Final Report(Mar. 2017) https://www.fcc.gov/file/12153/download.
WashingtonPost  cybersecurity  cellular  cyber-spectrum  SS7  crime 
december 2018 by pierredv
Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems - Schneier on Security
"I've previously written about the serious vulnerabilities in the SS7 phone routing system. Basically, the system doesn't authenticate messages. Now, criminals are using it to hack smartphone-based two-factor authentication systems"
cellular  security  hacking  SS7  Bruce-Schneier 
may 2017 by pierredv
SS7: Locate. Track. Manipulate: Tobias Engel - Dec 2014
"Companies are now selling the ability to track your phone number whereever you go. With a precision of up to 50 meters, detailed movement profiles can be compiled by somebody from the other side of the world without you ever knowing about it. But that is just the tip of the iceberg."
Deck: https://berlin.ccc.de/~tobias/25c3-locating-mobile-phones.pdf
Event: https://events.ccc.de/congress/2014/Fahrplan/events/6122.html
SS7  vulnerability 
april 2016 by pierredv

Copy this bookmark:





to read