Slashdot Mirror
Telecom Lobbyists Downplayed 'Theoretical' Security Flaws in Mobile Data Backbone (vice.com)
An anonymous reader shares a report: According to a confidential document obtained by Motherboard, wireless communications lobby group CTIA took issue with an in-depth report by the Department of Homeland Security on mobile device security, including flaws with the SS7 network. In a white paper sent to members of Congress and the Department of Homeland Security, CTIA, a telecom lobbying group that represents Verizon, AT&T, and other wireless carriers, argued that "Congress and the Administration should reject the [DHS] Report's call for greater regulation" while downplaying "theoretical" security vulnerabilities in a mobile data network that hackers may be able to use to monitor phones across the globe, according to the confidential document obtained by Motherboard. However, experts strongly disagree about the threat these vulnerabilities pose, saying the flaws should be taken seriously before criminals exploit them. SS7, a network and protocol often used to route messages when a user is roaming outside their provider's coverage, is exploited by criminals and surveillance companies to track targets, intercept phone calls or sweep up text messages. In some cases, criminals have used SS7 attacks to obtain bank account two-factor authentication tokens, and last year, California Rep. Ted Lieu said that, for hackers, "the applications for this vulnerability are seemingly limitless."
So why spend a cent to fix the issue. The free market is the best! It fixes everything. I'll just go to the carrier who fixes it. Oh wait, this is collective bargaining. No one fixes it and there is no where to go.
... gonna be cheap.
Anons need not reply. Questions end with a question mark.
Er...was it "confidential" or "a white paper sent to members of Congress". Probably not both.
One man's security flaw is another man's way to implement Stingray?
Why the extreme secrecy about Stingray? A couple thoughts on that.
The digital cell phone system was designed when we were using Windows 3.1. The system cannot withstand 21st century attacks. There must be some fundamental weakness in the way the network operates. This cannot be corrected without significant changes throughout the network base stations and mobile equipment. Thus it is expensive and time consuming to fix over a generation or more of equipment. This vulnerability may be the very basis of how Stingray works. If the secret got out, chaos would ensue. Everyone would be building their own Stingray devices. Poor people would be spying on rich people. Therefore we see security through obscurity of the vulnerability. Thus secrecy is paramount above all else including prosecutions. How this works can never be disclosed in open court, not even under the belly of a court ordered seal. The stakes are just too high.
Another theory. Stingray involves the illegal use of stolen credentials, keys, code or other information, or violation of an NDA. Therefore Stingray itself is illegal. Use and possibly even possession of Stingray may itself may run afoul of the law. Possibly if the secret of Stingray's operation got out, it might reveal, down to a small group of individuals who stole what, or who colluded with who.
For the two foregoing reasons, don't expect Stingray to see the light of day. That is why police can't even disclose that they have, let along use Stingray. Stingray is so secret that they will let proven criminals go free rather than use Stingray evidence in court. Or they will engage in "parallel construction" to avoid disclosing Stingray. (eg, Parallel Construction: a conspiracy of the prosecution and law enforcement to commit perjury and lie to the court about what their evidence actually is and how the investigation was conducted. Withholding this vital information from the defense.)
I'll see your senator, and I'll raise you two judges.
Then they won't mind accepting unlimited and uncapped liability?
According to a confidential document obtained by Motherboard
The problem lies that almost everyone directly deals with SS7.
Every ISP that offers voice services have direct access to SS7 protocols for fully implementing advanced calling features, multi-ring, international routing, cross-network billing, etc. in order to work seamlessly with the traditional phone systems.
The attack vector would be to get into one of the smaller isps, and hijack their internal link to SS7, which is likely a much easier vector in.
Judging by the number of ISP breaches... that this is probably much more easily done.
You can then insert message packets, change the source and destination identifiers, and then create a dual stream of data and insert yourself into the call set-up or modification process (like adding new callers to conference, pre-empt connection and connect to alternate priority number and re-signal the connection after you place your line into the loop.
And due to the sheer quantity of data, these additional, legitimate services (Spam pre-filtering/blocking, group calling, etc), will simply get lost in the mix.
'Theoretical' Security Flaws
I think the NSA has a whole department for these.
It must have been something you assimilated. . . .
It has never had any relation to the real world.
Tell that to all the people who had their bank accounts drained using an SS7 exploit:
https://www.theregister.co.uk/...
Tell that to US congressman Ted Lieu who had his phone calls listened to using SS7:
https://www.theguardian.com/te...
I bet they believe you that the exploits don't exist in the real world...
The problem is the "internal" network is available to around 800 companies. If the ss7 network of one is hacked or an employee who has access to it is bribed, the entire network is compromised. SS7 is a basically a network protocol that uses usernames with no passwords. I don't know where you get the idea that it doesn't carry voice, but SS7 is used for roaming and it can re-route, block, or listen in on phone calls or texts. It also allows obtaining the cell tower a phone number is currently connected to (and thus rough location).
SS7 is the reason NIST no longer recommends using SMS for two-factor authentication.
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
For the last fileSytemChecking time! SS7 IS NOT a "Mobile Data Backbone"
SS7 is a SIGNALING protocol. Think of ICMP+OSPF+BGP... this is used for the "Switches" in the telecom network to coordinate among themselves, and NOT to carry data (unless you consider SMSs data). Very important, yes. I'd dare say critical. But, Mobile Data Backbone... NO!
Call it something other than Mobile Data BackBone.
*** Suerte a todos y Feliz dia!
Judging by the number of ISP breaches... that this is probably much more easily done.
Not only is it done "easily enough", but the consequences are pretty dire. So far, we're seeing folks getting their bank accounts drained.
That stuff lacks vision.
Imagine if somebody forwarded calls between ${a certain politician} and ${donor} to the staff at ${late night comedy show}.
Full Disclosure: I'm investing heavily in popcorn.
-- Sometimes you have to turn the lights off in order to see.