
phone calls and text messages still are protected

German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale - even when cellular networks are using the most advanced encryption now available.

The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world's cellular carriers to route calls, texts and other services to each other. Experts say it's increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world's billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes - such as keeping calls connected as users speed down highways, switching from cell tower to cell tower - that hackers can repurpose for surveillance because of the lax security on the network.

Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.

These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.




http://my.chicagotribune.com/#section/549/article/p2p-82340723/




Satan (impatiently) to Newcomer: The trouble with you Chicago people is, that you think you are the best people down here; whereas you are merely the most numerous.
- - - Mark Twain, "Pudd'nhead Wilson's New Calendar" 1897
not a new issue the whole point of SS7 is interconnectability
so a caller on Joe Bob's telephone network can call Yuri's cell phone in Moscow, which traverses many copper networks and finally to a cell tower. When you place a call, until the dial tone hits your ear SS7 is setting up the connection.
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 59 years. meep
I'm sure the NSA has known this for a while
And if I were of a conspiratorial bent, I'd think they none-too-subtly suggested to various carriers that "fixing" the problems shouldn't be a high priority.
--

Drew
Re: NSA has known?
It is more likely that NSA has specified and got what it wanted.
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."

-- Isaac Asimov
Re: NSA has known?
A long article, but very interesting.

"The massive key theft is “bad news for phone security. Really bad news.”"

https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
Kinda related - there are still laws about exporting encryption
Wikipedia:

Current status

As of 2009, non-military cryptography exports from the U.S. are controlled by the Department of Commerce's Bureau of Industry and Security.[9] Some restrictions still exist, even for mass market products, particularly with regard to export to "rogue states" and terrorist organizations. Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license[9](pp. 6–7). Furthermore, encryption registration with the BIS is required for the export of "mass market encryption commodities, software and components with encryption exceeding 64 bits" (75 F.R. 36494). In addition, other items require a one-time review by or notification to BIS prior to export to most countries.[9] For instance, the BIS must be notified before open-source cryptographic software is made publicly available on the Internet, though no review is required.[10] Export regulations have been relaxed from pre-1996 standards, but are still complex.[9] Other countries, notably those participating in the Wassenaar Arrangement,[11] have similar restrictions.[12]

US export rules

US non-military exports are controlled by Export Administration Regulations (EAR), a short name for the US Code of Federal Regulations (CFR) Title 15 chapter VII, subchapter C.

Encryption items specifically designed, developed, configured, adapted or modified for military applications (including command, control and intelligence applications) are controlled by the Department of State on the United States Munitions List.


The NSA is in the business of being able to get signals intelligence from anyone overseas. People who are shocked, shocked, that the NSA can get information from encrypted communications on cell phones aren't paying attention.

My $0.02.

Cheers,
Scott.
All your base are belong to us!
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."

-- Isaac Asimov
stuff ss7 does for you
SS 7 can communicate great amounts of information during the call, which allows development of various call-related services. Call forwarding, call waiting, voice mail, number display, malicious caller ID, and call screening are some of these services.
http://www.tech-faq.com/ss7.html and if you have access to this out of band data stream, you have it too
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 59 years. meep
     phone calls and text messages still are protected - (lincoln) - (7)
         not an new issue the whole point of ss7 is interconnectability - (boxley)
         I'm sure the NSA has known this for a while - (drook) - (4)
             Re: NSA has known? - (a6l6e6x) - (3)
                 Re: NSA has known? - (dmcarls) - (2)
                     Kinda related - there are still laws about exporting encryption - (Another Scott)
                     All your base are belong to us! -NT - (a6l6e6x)
         stuff ss7 does for you - (boxley)
