Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Critical Hole At the Heart Of Our Cell Phone Networks (wired.com)

Posted by BeauHD on from the Led-Zeppelin-era dept.

An anonymous reader writes: Kim Zetter from WIRED writes an intriguing report about a vulnerability at the heart of our cell phone networks. It centers around Signaling System No. 7 (SS7), which refers to a data network -- and the protocols or rules that govern how information gets exchanged over it. Zetter writes, "It was designed in the 1970s to track and connect landline calls across different carrier networks, but is now commonly used to calculate cellular billing and send text messages, in addition to routing mobile and landline calls between carriers and regional switching centers. SS7 is part of the telecommunications backbone but is not the network your voice calls go through; it's a separate administrative network with a different function." According to WIRED, the problem is that SS7 is based on trust -- any request a telecom receives is considered legitimate. In addition to telecoms, government agencies, commercial companies and criminal groups can gain access to the network. Most attacks can be defended with readily available technologies, but more involved attacks take longer to defend against. T-Mobile and ATT have vulnerabilities with fixes that have yet to be implemented for example.

1 of 32 comments (clear)

  1. Re:Slow news? by Minupla · · Score: 3, Interesting

    Same reason that BGP isn't toast. Those who have the knowledge of how weak the locks are have no reason to leave the doors open behind them. It's really more surprising to anyone who's spent any time in the plumbing of the internet that it still functions, given the weaknesses in some of the protocols (check youtube for the looking glass site vulnerability talk from Defcon a couple of years ago for an example of how bad it is) then that it has holes.

    Telephone system is the same way, the people with the skills to exploit SS7 are the people who are invested in keeping the holes there. It's more useful to be able to track an arbitrary cell phone then it is to be able to bring down the international phone system and force the telcos to fix it.

    Min

    --
    On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before