Slashdot Mirror
Your Phone Number Is All a Hacker Needs To Read Texts, Listen To Calls and Track You (theguardian.com)
Samuel Gibbs, reporting for The Guardian: Hackers have again demonstrated that no matter how many security precautions someone takes, all a hacker needs to track their location and snoop on their phone calls and texts is their phone number. The hack, first demonstrated by German security researcher Karsten Nohl in 2014 at a hacker convention in Hamburg, has been shown to still be active by Nohl over a year later for CBS's 60 Minutes. The hack uses the network interchange service called Signalling System No. 7 (SS7), also known as C7 in the UK or CCSS7 in the US, which acts as a broker between mobile phone networks. When calls or text messages are made across networks SS7 handles details such as number translation, SMS transfer, billing and other back-end duties that connect one network or caller to another. By hacking into or otherwise gaining access to the SS7 system, an attacker can track a person's location based on mobile phone mast triangulation, read their sent and received text messages, and log, record and listen into their phone calls, simply by using their phone number as an identifier.Also from the report, "60 Minutes contacted the cellular phone trade association to ask about attacks on the SS7 network. They acknowledged there have been reports of security breaches abroad, but assured us that all U.S. cellphone networks were secure." Update: 04/18 16:51 GMT by M :Reader blottsie writes: U.S. Rep. Ted Lieu (D-Cali.) on Monday called for a full congressional investigation into the aforementioned widespread flaw in global phone networks.
All they need is your phone number and access to the SS7 system.
Long signatures suck.
If you have access to the cell phone companies network, you can do what the cell phone companies do. Next on 60 Minutes: if a thief steals your car, he can drive it anywhere he wants to! Tune in at 11 for more SHOCKING details.
"They acknowledged there have been reports of security breaches abroad, but assured us that all U.S. cellphone networks were secure."
Oh, so that's alright then.
SS7 was the telco's efforts to block MFers using the "blue box"; Switching from in-band signalling to out-of-band signalling.
SS7, however, provides some inter-carrier connectivity to enable roaming between carriers; With an IMSI, the visited network can ask the home network "can I give this IMSI service?"... and a deactivation from the home carrier's network to the visited carrier's switches can turn the phone off (used to suppress roaming fraud).
Estimating Community Drug Abuse by Wastewater Analysis, Environ Health Perspect. 2008 Aug; 116(8): 1027–1032.
Wastewater analysis and drugs — a European multi-city study
May as well walk around naked
Please don't
Harrison's Postulate - "For every action there is an equal and opposite criticism"
The tracking method doesn't use the phone's location service, it's done by triangulating the signal so a dumb phone won't help in any way.
ics
SS7...wow, that takes me back. I thought it had gone out with the landline. Yeah, SS7 has to know your number, that's kind of the whole point of the system, to be able to set up and tear down the call, and to bill correctly. Out-of-band signalling was the death of the oldschool phone phreak, who depended on being able to send tones down the line to control the call. Good ol' Phrack. And idiotic Phrack writers who didn't know what they were talking about. It's a good thing they didn't have comment sections back then, only a periodic publication. Erik Bloodaxe, Voyager, Sirsyko, and when Mudge wasn't an establishment tool. Netta Gilboa. RBOCs. Dumpster diving behind the phone company's central offices. Good times.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Mobile networks use two different SS7 networks, one for TCAP communication which includes SMS but not voice and one for ISUP which includes no voice and no SMS (it is a Signalling System). Voice has moved over to SIP from ISUP and the majority of all voice calls never leave the Mobile Switching Center(MSC) and thus there is nothing to tap. Additionally the Mobile Directory Number is not the key used for communication, the IMSI is.
Basically, if you know a Mobile Directory Number and you could insert yourself into the SS7 network you could find out where the phone is but only the city and state, assuming the city was big enough, you only get the MSC. You could also send SMS messages to the phone but you can do that already can't you?
No, the encryption is between the phone and base station, not inside SS7 network.
not only that, I have them all memorized. Don't believe me? Here's one. (301)437-5529. Here's another.(207)844-627. And yet know even more. (902)887-8535. I even know your phone number. Doesn't matter what country or where you live. I know them all.
As it happens, I read Exploding the Phone by Phil Lapsley about a week ago, and it's still on my desk. It's a great book. If you like this kind of stuff (I know I do) this book contains as much material on the subject as can reasonably fit in under 400 pages. If you like this stuff, read it.
The pertinent chapter for this thread is titled "A Little Bit Stupid" in which John Draper exploits recently automated [*] "busy verification" to eavesdrop on a primary line of the San Francisco FBI. How do you like them apples, with the roles reversed? (Hint: not very much, not very much at all.)
[*] It had become a little bit too automated in certain large American cities, which additionally qualifies this material for the Boy Scout merit badge "Stolid and Stupider", though that's a much harder-to-tell story about design incompetence internal to greed-addled AT&T.
Even though Draper bragged to a turncoat, he was still protected by the FBI's nearly impenetrable internal aura of "impossible things can't happen to us" until Draper demonstrated the technique while his turncoat buddy made a tape recording.
Why so much fuss? To protect the rectitude of lovable Uncle Sam? Probably not so much. Because tight-assed officialdom in positions of power say a great many things they definitely don't wish to defend against the harsh light of day? You be the judge.
Really, I don't know how Lapsley managed to write this entire book and not intrude more into the obvious. Perhaps two hundred pages of draft manuscript hit the floor in the editing process. (I know every third sentence in my first draft would have contained judgmental invective.)
Here's another thing that freaked out the FBI. The hackers weren't even savvy enough to try to market their incredible capability to the highest bidder (Sold!—to the secret undercover double-agent Flim Colby) and they weren't actually taking any money! or drugs! or prostitutes! so you can't even release the scent hounds.
Alfred Hitchcock
Action is where your crepuscular adversary has taped your intimate moments of conspiratorial graft and offered it up to the highest bidder. The FBI loves action.
Suspense is where your glazed-doughnut adversary has recorded your intimate moments of conspiratorial graft, and doesn't even give a shit, so pretty soon compromising cassette tapes are bouncing around on the dashboard of some horrible mid-seventies beater or tossed randomly into a shoe box of bad Country and Western ($2 obo) at someone's yard sale. The FBI hates suspense.
You see? I'm terribly prone to editorialising.
Anyway, my point about the SS7 hack is pretty much "dog bites man". This kind of thing has been ubiquitous since the first long-hair envious AT&T engineer included "observability" in his desiderata concerning globally distributed systems undergoing a Groundhog Day–esque eternal-September late pubescent growth spurt.
So my non-tech friend who happens to be way too nice of a person crossed paths with a sociopath female who has been monitoring all his texts, calls and tracking him at different locations (and showing up) and then calling his ex girlfriends (or current ones) to let them know where he's at, who hes with and what's being said.. Being somewhat a tech person myself, we set up all new passwords, factory reset, two way authentication, changed his phone number, etc, etc... Now since I am not around him at all times I cannot vouch that he isn't making a mistake which somewhat compromises his accounts but I am pretty confident its outside of our control.. When researching this issue, we have been hearing rumors that people can go into Mexico and can easily get software that can access possibly this 'SS7' hack. The local police have been no help and the FBI has not responded to our claim which basically just leaves my friend having to deal with this psycho. He has also gotten a restraining order against her but she lives in and out of Tijuana and San Diego and we live in San Diego (45 mins apart) and so far it hasn't helped at all. Jokingly I suggested he should just marry her to stop the harassment but maybe y'all have some ideas. So I ask my fellow slashdotters: Anything else we can do to end this 3 year run and possibly get charges to stick against her? Sarcastic replies in 3.. 2 ..1 ..