Slashdot Mirror


Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere

krakman writes: Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available. The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging German Chancellor Angela Merkel's phone.

Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption (Google translation of German original). There is also potential to defraud users and cellular carriers by using SS7 functions, the researchers say. This is another result of security being considered only after the fact, as opposed to being part of the initial design.

8 of 89 comments

  1. How naive... by Anonymous Coward · Score: 4, Insightful

    "Flaw"? Is anyone really that ignorant these days? This is not a bug, it's by design.

    1. Re:How naive... by squiggleslash · Score: 4, Insightful

      Your use of the term "naive" suggests you think it's designed that way due to conspiracy.

      SS7 is a protocol designed to do all these things because it's designed to manage the phone network. That's its job. If it didn't do those things, it couldn't be used to route phone calls.

      Does it have poor security? Yes in the 2014 world, but at the time it was developed virtually every phone company was a monopoly, and it was just assumed only a small handful of easily accountable giant telcos, usually only one in each nation, would ever use it directly. You might just as well criticize non-networked single-user circa-1977 CP/M for not having logins and user/group ownership of files.

      --
      You are not alone. This is not normal. None of this is normal.

  2. Yeah sure... by Anonymous Coward · Score: 2, Insightful

    The only flaw I see in this is that someone discovered the intentional backdoor. This was not unintentional by any means.

  3. Re:Hardware Security by NixieBunny · Score: 4, Insightful

    Except with the land line, someone has to go find your physical wire pair and connect to it. This is a software hack.

    --
    The determined Real Programmer can write Fortran programs in any language.

  4. Intercepting encrypted communications! OMG! by CajunArson · Score: 3, Insightful

    Uh.. the whole point of transport layer encryption is that you assume an attacker can record your communication and the encryption prevents the attacker from figuring out the real contents of the communication.

    If you know for a fact that no unauthorized party can actually tap into your communication channel.. you don't even have to bother with the encryption in the first place.

    The rest of the issue is due to the fact that the SS7 protocol is a byzantinely complex and very very old standard going way WAY back before data security was taken into account.

    For all the people saying this is some intentional backdoor... if the NSA really were that smart to sneak this into a design-by-committee standard where hundreds of engineers spent years niggling over details, then you might as well give up now because you just said they are smart enough to insert backdoors into the Linux kernel or any other complex open source project too and they'll get away with it for decades before they get caught.

    --
    AntiFA: An abbreviation for Anti First Amendment.

    1. Re:Intercepting encrypted communications! OMG! by Anonymous Coward · Score: 2, Insightful

      For all the people saying this is some intentional backdoor... if the NSA really were that smart to sneak this into a design-by-committee standard where hundreds of engineers spent years niggling over details, then you might as well give up now because you just said they are smart enough to insert backdoors into the Linux kernel or any other complex open source project too and they'll get away with it for decades before they get caught.

      NIST standards aren't design-by-committee standards with hundreds of engineers niggling for years over details? Your naiveté is pretty cute.

    2. Re:Intercepting encrypted communications! OMG! by meta-monkey · Score: 5, Insightful

      This isn't even about a subversion of standards. It's kind of required for cell phones to work that the towers are able to identify your handset and route your calls and messages. This isn't an OTA exploit. You still have to have physical access to the switch and credentials.

      OMG guys! I've discovered a terrible, awful vulnerability in Linux!!! If somebody has your root password, they can, with a few keystrokes, have total access to your computer! They can read all your files, change them, delete them, anything! We're doomed!

      No, the problem with government surveillance is a political one, not a technological one. As long as they have the authority to hook their boxes into the communications lines, nothing can ever be secure. Somebody has to have root access to the system for the system to work and be maintainable.

      I work at a hospital, and I have root access to the database. ZOMG your medical records aren't secure! Somebody sitting at the server with the root password can see everything! Ummmm no, your records are fine. I have to have access to the database to do my job. But we have a political system including an internal review board and threats of felony criminal prosecution if I were to do anything to violate your privacy. Also I'm not a dick. The solution to government surveillance is a political one. We need people who aren't dicks and rules that put them in jail if they intercept your calls.

      --
      We don't have a state-run media we have a media-run state.

  5. Re:LOL. by wolrahnaes · Score: 5, Insightful

    SS7 dates to the '70s. Pretty much no communications protocols intended for general use were designed with even the thought of security at the time. The number of players in the game was small enough that any bad behavior could be rooted out fairly easily.

    Look at email for the same basic problem: it was designed with the assumption that the parties involved could be trusted, because on the networks it was designed for that was generally the case. Over time the trustworthiness of the network was degraded for reasons both good and bad, but the common protocols had already been established by then and it's a long road to change.

    I won't argue that there probably has been some "influence" on decisions about adopting more secure replacements, but it's a bit tinfoil hattish to claim that the protocols themselves were intentionally made insecure when it's well documented that most protocols from that era just weren't designed to try to be secure in the first place.

    --
    I used to get high on life, but I developed a tolerance. Now I need something stronger.