Slashdot Mirror
Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere
krakman writes: Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available. The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging German Chancellor Angela's Merkel's phone.
Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption (Google translation of German original). There is also potential to defraud users and cellular carriers by using SS7 functions, the researchers say. This is another result of security being considered only after the fact, as opposed to being part of the initial design.
Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption (Google translation of German original). There is also potential to defraud users and cellular carriers by using SS7 functions, the researchers say. This is another result of security being considered only after the fact, as opposed to being part of the initial design.
"Flaw"? Is anyone really that ignorant these days? This is not a bug, it's by design.
The only flaw I see in this is that someone discovered the intentional backdoor. This was not unintentional by any means.
SS7 pre-dates the modern processing explosion. Early systems were stretching their embedded 386 just to handle the protocol messages. Any additional security would have made the systems pretty much impractical for another few years.
As a result, it was designed around physical security of the signalling lines, and that is pretty much the way it has stayed. Only certified equipment gets connected to core equipment. Foreign equipment goes through an SS7 gateway (really a firewall of sorts). Encrypted tunnels are use for connecting SS7 networks over insecure channels.
So basically your calls are as good as the physical security of the core switches. Which is generally pretty good. And if you have physical access to the core switches, then there are probably many other ways you could listen in anyway.
No, this will not solve the problem. The main issue is at protocol level, not cellphone level. Even with a secured phone, the attack can be silently executed.
The only defense is using encrypted calls and encrypted text messages.
SS7 stands for Signalling System No. 7
SS7 protocol enable the cellphone network to identify the identification of a certain user, no matter where that particular user turns up
This isn't even a back door; it's how the system works. Only the authorized licensed carriers are supposed to issue command codes, just like the C,D,E,F touch-tones (yes, Virginia, there are four more than on your phone). What's being described here is a basic fraud, as basic as Charlie Chaplin in a restaurant posing as a waiter and pocketing the money someone else leaves with a bill. The failure is in assuming that someone intending to violate conventions and rules will follow the "authorizations" any more than they will follow any other rules.
Uh.. the whole point of transport layer encryption is that you assume an attacker can record your communication and the encryption prevents the attacker from figuring out the real contents of the communication.
If you know for a fact that no unauthorized party can actually tap to your communication channel.. you don't even have to bother with the encryption in the first place.
The rest of the issue is due to the fact that the SS7 protocol is a byzantinely complex and very very old standard going way WAY back before data security was taken into account.
For all the people saying this is some intentional backdoor... if the NSA really were that smart to sneak this into a design-by-committee standard where hundreds of engineers spent years niggling over details, then you might as well give up now because you just said they are smart enough to insert backdoors into the Linux kernel or any other complex open source project too and they'll get away with it for decades before they get caught.
AntiFA: An abbreviation for Anti First Amendment.
The obvious solution is just have the handsets negotiate. There is absolutely no "good" reason call setup between two cellular handsets (or any other digital endpoint for that matter) should not feature some kind of certificate validation step between the end points followed by the exchange of uniquely per call generated symmetric key exchanged securely using the same PKI used to validate the certificate authenticity. Essentially SSL for phone calls.
People could use third party CAs like they do for the web today for most callers. Phone software should be easily configured to ONLY accept previously installed self signed certificates for certain subjects. IE if a call wants to identify itself as being from cousin bob's cellphone it will be rejected unless it its signed with the public key Bob previously gave me; even if the cert has a valid their part signature and is otherwise valid. Users could easily exchange keys in person using bluetooth + pin etc.
This would allow LEAs to eavesdrop by MTIMing calls between say an individual and a financial institution. With a warrant the third party CA the financial uses could be compelled to provide the LEA with valid cert for that subject hopefully with a expiry of only a few days. Of course techniques like cert pinning could be used to detect this by individuals. It would leave LEA's with no easy avenue to eavesdrop on calls between Bob and myself. I think this is a reasonable compromise.
On the other hand it still does nothing to address the mass surveillance concern. It will still be easy for instance for an LEA to obtain call records from the phone company. They won't have the content and won't be able to get at it, but they absolutely can know when, how long, and how often Bob and I spoke. They can also know who else Bob and I called. We know that this information is very revealing, its been used very effectively to identify relationships. Its less clear it violates the 4th than accessing the content. I don't like it but it might be again part of an acceptable compromise.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
SS7 dates to the '70s. Pretty much no communications protocols intended for general use were designed with even the thought of security at the time. The number of players in the game was small enough that any bad behavior could be rooted out fairly easily.
Look at email for the same basic problem, it was designed with the assumption that the parties involved could be trusted because on the networks it was designed for that was generally the case. Over time the trustworthiness of the network was degraded for reasons both good and bad, but the common protocols had already been established by then and it's a long road to change.
I won't argue that there probably has been some "influence" on decisions about adopting more secure replacements, but it's a bit tinfoil hattish to claim that the protocols themselves were intentionally made insecure when it's well documented that most protocols from that era just weren't designed to try to be secure in the first place.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
If I break into your house, and then walk into your main hallway, and then say, "There is a security flaw in your home! From this point in your hallway I can listen to any room, or walk down freely into any room." As you're looking at your front door splintered from the battering ram I hit it with to get in, would you call it a "hack," a flaw or something to be concerned about how your hallway(s) go through your house? No, you'd say, "The hallway is fine, I need a stronger front door. BTW, the Glock I'm holding is loaded."
When I start to read, "SS7 was designed in the 80s," I already know I'm dealing wtih a mental midget. Actually, SS7 begain due to the first ever hackers. Remember 2600? As in, 2600 Hz was the signaling frequency for a landline switch. Throw that tone, and you could make calls (for free if it was a payphone). Hence, telecoms came up with an idea to do out of band signaling, which eventually became SS7. So, saying you can "hack" SS7 is very misleading because all SS7 does is coordinate call set up. That "ringing" you hear as you wait for the far, distant switch to reply that the called line is available, is a "comfort tone," as SS7 does it's work. Besides cutting down on fraud, SS7 keeps circuits available, because if the called number is busy, or unavailable, there's no point in setting up a line between your local switch and the switch at the far end.
In the deepest bowels of a switching office, usually near the back, you'll see SS7 racks. These connect from and between local, long-distance and other switches. It's what you'd call, "Back Office," network, similar to the network used by the telecoms to manage their servers your traffic go across but you'll never touch. Such as 3G data going through PCF after it's left the mobile switch, and before it hits an internet backbone ATM. So in simple terms, you'd have to break in, figure out the network, and then figure out a 2nd break in to get to the SS7, and then you'd be in a very small part of the network.
Honestly, if you're going to be doing that much effort, you're NOT going after SS7. Just hack the 3-letter agencies or other LEO server for court-approved wiretapping that is hanging off the switching network and you're in anything, everything, anywhere.
I tripped over the ruts from the SS7 bandwagon over a decade ago. back then, you had to be in the CO and on the terminal of the Stratum server to spy on SS7 traffic. ability to scoop up the slop in a bucket came later.
if this is supposed to be a new economy, how come they still want my old fashioned money?
The comments above about SS7 being designed without security are spot-on. In the old days, access to the SS7 network was strictly for big players and salesmen with 'extremely customer-friendly' expense accounts. Basically, anyone with access was a big player (with all the baggage that entails).
Really, the issue here is with MAP (an add-on to SS7 to support mobiles). The explosion of mobile means SS7 is no longer just the playing field for national carriers - mobile-only operators came to the party (still all $xbillion players). Then, smaller countries with some interesting networks came on the scene, and rather naughty SS7 traffic started to appear on the network.
Smarter operators (or at least bigger ones who got their fingers burnt) spent money to install gateways that limit and control their exposure (wouldn't you?). The less clueful/more cash-strapped/networks in less-developed countries remain more exposed.
Anyone interested can search for 'SS7 mobility management' ; the <a href="http://www.informit.com/library/content.aspx?b=Signaling_System_No_7&seqNum=116">code is easy</a>, the issue is getting access to the network.
Oh, wait, these days SS7 is being routed over IP now (ever wondered what the <a href="http://lksctp.sourceforge.net/">linux SCTP module</a> is actually for?).
All your ghosts are just false positives.
Also, computing technology was large, slow, power hungry, and expensive. Cryptography was primitive due the lack of cpu processing to handle the complex math, and doing it in hardware was another exercise in expensive. Any considerations for security would've quickly been dismissed as a) unnecessary, and b) prohibitively expensive.
Why haven't "we" updated the system? Because there's an immense amount of "legacy" gear still running the PSTN to this day. The AT&T 5ESS local switch I walked past several times a month (in the front of the room where the IP gear lived) and later worked on in various admin roles, was installed in 1974. There was a faded dot-matrix printout on the side detailing it's origin and when it was installed. It is still there handling calls to this day. My home town was still served by a rotary switch into the 80's before Bellsouth finally replaced it with a tiny building across the street housing a DMS100 -- 30+ years on and it's still there.
Cellular is the only thing seeing regular technology refreshes. And that's driven by new technologies... AMPS to PCS to CDMA to LTE...
The problem is that there a lot more SS7 systems out there now and not all under the control of competent/secure telcos but for various reasons (including mobile roaming) there is implicit level of trust between telcos. You might be filtered out in the US, but perhaps not somewhere else. There is already a problem of being able to pull locator info including cell-id for a cell phone from any other SS7 mobile switch. The trick is to get in at that level which isn't hard given the appetite of some regimes for foreign currency.
See my journal, I write things there