Slashdot Mirror


Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere

krakman writes: Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available. The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging German Chancellor Angela Merkel's phone.

Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption (Google translation of German original). There is also potential to defraud users and cellular carriers by using SS7 functions, the researchers say. This is another result of security being considered only after the fact, as opposed to being part of the initial design.
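The summary's point is that the dangerous SS7 operations are ordinary housekeeping functions, so the only defence an operator has is to screen who is allowed to invoke them and whether the result is plausible. The following is an added illustration of that kind of interconnect screening, not code from the article or the researchers; the network identifiers, partner allowlist, travel-time table and sample records are constructed, the policy is an assumption, and only the operation names follow GSM MAP.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

ROAMING_PARTNERS = {"262-99", "310-99"}   # constructed allowlist of interconnect peers
# Housekeeping operations that only make sense inside the home network; one arriving
# over an interconnect is a function being used from outside. (Assumed policy.)
HOME_ONLY_OPS = {"anyTimeInterrogation", "provideSubscriberInfo", "sendIMSI"}
# Minimum plausible time to move between two countries (constructed; default 1 h).
MIN_TRAVEL = {frozenset({"DE", "US"}): timedelta(hours=7)}

@dataclass
class SigMsg:
    ts: datetime
    op: str
    origin_net: str        # originating network, MCC-MNC style (constructed values)
    imsi: str
    country: Optional[str] = None   # claimed location, only set on updateLocation

@dataclass
class Screener:
    last_seen: dict = field(default_factory=dict)   # imsi -> (ts, country)

    def screen(self, m: SigMsg) -> tuple[str, str]:
        """Return (verdict, reason); verdict is allow, flag or reject."""
        if m.origin_net not in ROAMING_PARTNERS:
            return "reject", f"origin {m.origin_net} is not a roaming partner"
        if m.op in HOME_ONLY_OPS:
            return "reject", f"{m.op} must not arrive over an interconnect"
        if m.op == "updateLocation":
            prev = self.last_seen.get(m.imsi)
            self.last_seen[m.imsi] = (m.ts, m.country)
            if prev and prev[1] != m.country:
                need = MIN_TRAVEL.get(frozenset({prev[1], m.country}), timedelta(hours=1))
                if m.ts - prev[0] < need:   # subscriber "moved" faster than possible
                    return "flag", f"{prev[1]}->{m.country} in {m.ts - prev[0]} is implausible"
        return "allow", "no rule matched"

def run_sample() -> list[str]:
    """Screen a constructed sequence of records for one subscriber."""
    t0 = datetime(2014, 12, 18, 9, 0)
    sample = [
        SigMsg(t0, "updateLocation", "262-99", "262011234567890", "DE"),
        SigMsg(t0 + timedelta(minutes=5), "anyTimeInterrogation", "310-99", "262011234567890"),
        SigMsg(t0 + timedelta(minutes=10), "sendRoutingInfoForSM", "999-01", "262011234567890"),
        SigMsg(t0 + timedelta(minutes=20), "updateLocation", "310-99", "262011234567890", "US"),
    ]
    s = Screener()
    return [s.screen(m)[0] for m in sample]

if __name__ == "__main__":
    print(run_sample())
```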

4 of 89 comments

  1. Re:Hardware Security by Charliemopps · Score: 4, Interesting

    yea, I've been laughing about this story... If this scares you, never look up how landlines work, that'd terrify you. lol

    You could take pretty much any speaker you wanted to, run a jumper to the switch and listen to any phone call you wanted. ANYONE in your neighborhood can walk over to any one of the hundreds of pedestals in your neighborhood and do the same. If you really want to get fancy you can go get a butt set off Amazon for $10 and dial out too. And all that's before we get to someone with switch access... they can issue commands to link your call to another number so they can listen in, etc...
    You've absolutely no privacy on a land-line phone call.

  2. Unlocked door w/ sign "Authorized Personnel Only" by DutchUncle · Score: 4, Interesting

    This isn't even a back door; it's how the system works. Only the authorized licensed carriers are supposed to issue command codes, just like the C,D,E,F touch-tones (yes, Virginia, there are four more than on your phone). What's being described here is a basic fraud, as basic as Charlie Chaplin in a restaurant posing as a waiter and pocketing the money someone else leaves with a bill. The failure is in assuming that someone intending to violate conventions and rules will follow the "authorizations" any more than they will follow any other rules.

  3. Re:How naive... by Anonymous Coward · Score: 4, Interesting

    Yes, flaw. SS7 dates back to the late 70s, and has roots all the way back in the early 60s. Nobody encrypted anything back then, it was a miracle it worked at all.

    So, clearly SS8 (or whatever) needs to take this into consideration, but...

  4. Re:Hardware Security by SternisheFan · Score: 4, Interesting

    Except with the land line, someone has to go find your physical wire pair and connect to it. This is a software hack.

    As far back as (at least) the 1970s/80s there was the "Infinity device". You connected it between your phone and landline, dialed any number, and that phone would connect without ringing. This allowed the person using the device to eavesdrop on the conversation in the room where the target phone was located.

    (From Wiki): An infinity transmitter (also known as a harmonica bug) is a surveillance device used to covertly monitor conversation in a room through a telephone line. Its name derives from the fact that, by using a telephone line as a transmitter, it can work at an infinite distance, unlike other bugging devices that have only a finite signal range. The alternative name 'harmonica bug' refers to the fact that such devices were originally activated using the tone produced by a harmonica. Design of infinity transmitters has varied, according to developments in telephone systems. In some instances, the bug is activated after the target answers and hangs up their phone. In countries where there is a delay between connection and the first ring, the bug can be activated before the target phone rings, so that the infinity transmitter essentially 'answers' the call. In more advanced systems, the transmitter can be placed in a parallel telephone line to prevent the victim's phone line remaining engaged. As modern telephone lines no longer establish a voice path until the call is answered, a variant of this now exists that uses CND, or caller ID. Usually an unusual sequence of non-printing characters is used and thus will not show up on a display device. Sometimes the caller ID device itself has the bug, but it can be nearly anywhere. In much the same manner a cellphone can be configured for silence on ring and auto answer and hidden, frequently placed inside something that has power available to maintain the battery. This allows the infinity transmitter to be hidden inside an automobile or other location where a land line is not an option.

    http://en.wikipedia.org/wiki/I...