Serious Weaknesses seen in Cell phone Networks
“America’s digital adversaries may have spent years eavesdropping on officials’ private phone conversations through vulnerabilities in the global cell phone network, according to security experts.
A recent “60 Minutes” segment displayed the extent of the weakness, spurring government into action this week. Federal agencies vowed to investigate and Capitol Hill has begun looking into the issue.
Specialists believe countries like China, Russia and Iran have all likely exploited the deficiency to record calls, pilfer phone data and remotely track high-value targets.
“I would be flabbergasted if these foreign governments were not monitoring large numbers of American officials on their cell phones,” Rep. Ted Lieu (D-Calif.) told The Hill.
Lieu, who holds a bachelor’s degree in computer science, offered up his phone to German computer scientist Karsten Nohl to test the extent of the vulnerability on “60 Minutes.” Hackers were able to record Lieu’s calls, view his contacts and monitor his movements, armed with just the Los Angeles Democrat’s phone number.
Despite the government’s pledges to rectify the problem, Lieu and security researchers insist officials have lost valuable time.
The vulnerabilities have been known for several years, and even bubbled up in the media in late 2014. After the flaws came back into the spotlight, Lieu said the government failed to take basic steps.
For instance, he said, “I am still dumbfounded as to why I have yet to see an alert go out to members of Congress.”
Most telecom companies use decades-old protocols known as Signaling System No. 7 or SS7 to direct mobile communications around the world.
It is these protocols that are seen as insecure.
“The SS7 network was never designed to be secure,” explained Les Goldsmith, a researcher with Las Vegas security firm ESD. “It was originally a cable in Europe. It had no encryption.”
But SS7 serves a vital purpose. The network helps keep calls connected as users bounce from cell tower to cell tower, and routes text messages to their final location. It’s also how people get service when they travel to another country, outside the reach of their normal carrier.
The problem is that anyone who can gain entry to the SS7 system can also repurpose these signals and intercept calls and texts.
The attack surface is vast. There are over 800 cell phone networks around the world, each with roughly 100 to 200 interlocking roaming agreements with other networks, Goldsmith said.
That means virtually every cell phone network is interconnected, allowing hackers to potentially tap any phone, regardless of location. Lieu’s phone, for example, was infiltrated from Germany.
“The smallest carrier in the Middle East … can actually reach into AT&T and Verizon’s network,” said Christopher Soghoian, principal technologist for the American Civil Liberties Union (ACLU).
And the problem is not going away. SS7 will continue to be used for well over a decade, experts predict.
The system’s shortcomings are not news to many security researchers and even to some government officials.”
…Continue reading @ theHill.com
How hackers eavesdropped on a US Congressman using only his phone number
SS7 routing protocol also exposes locations, contacts, and other sensitive data.
“A US Congressman has learned first-hand just how vulnerable cellphones are to eavesdropping and geographic tracking after hackers were able to record his calls and monitor his movements using nothing more than the public ten-digit phone number associated with the handset he used.
The stalking of US Representative Ted Lieu’s smartphone was carried out with his permission for a piece broadcast Sunday night by 60 Minutes. Karsten Nohl of Germany-based Security Research Labs was able to record any call made to or from the phone and to track its precise location in real-time as the California congressman traveled to various points in the southern part of the state. At one point, 60 minutes played for Lieu a crystal-clear recording Nohl made of one call that discussed data collection practices by the US National Security Agency. While SR Labs had permission to carry out the surveillance, there’s nothing stopping malicious hackers from doing the same thing.
The representative said he had two reactions: “First it’s really creepy,” he said. “And second it makes me angry. They could hear any call. Pretty much anyone has a cell phone. It could be stock trades you want someone to execute. It could be a call with a bank.”
The hack was done by accessing Signalling System No. 7, or SS7, a telephony signalling language used by more than 800 telecommunication companies around the world to allow their networks to interoperate. SS7 is the routing protocol that, for instance, allows a T-Mobile subscriber to connect to the Deutsche Telekom network while traveling in Germany. It also provides a way for someone on one continent to send text messages to a phone located on another continent. SS7 also makes individuals’ subscriber data available to anyone with access to SS7.”
…Continue reading @ ArsTechnica, make sure to check out the Comments section….
Any phone can get hacked via a global cellular network vulnerability
“Vulnerability in the Signaling System Seven (SS7) has been recently exploited to track location, snoop on messages and phone calls on any type of smartphone, researchers found.
Karsten Nohl, a German hacker, demonstrated how, by leveraging the flaw, he was able to track all this personal information from an iPhone owned by US Congressman Ted Lieu.
First, it’s really creepy, and second, it makes me angry,” the Congressman said in a TV show.
The problem resides in SS7 or Signalling System Number 7 – a telephony signaling protocol used by more than 800 telecommunication operators around the world to exchange information with one another, cross-carrier billing, enabling roaming, and other features.
If one of the telecom operators is hacked, everyone is exposed and a large scale of information, including voice calls, text messages, billing information, relaying metadata and subscriber data, is open to interception.
Also, the vulnerability affects all phones, whether they’re running iOS or Android. Reportedly, the designing flaws in SS7 have been in circulation since 2014.
The people who knew about this flaw [or flaws] should be fired,” Lieu added. “You can’t have 300-some Million Americans—and really, right, the global citizenry — be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data.”
The best way users can protect conversations and mobile data is to encrypt it before it leaves the smartphone.”
…More @ HotforSecurity
Rep. Ted Lieu Blames NSA For Unpatched Carrier Vulnerability That Allowed His Calls To Be Intercepted On ’60 Minutes’
– Tom’s Hardware
“Back in December 2014, several white hat hackers, including Karsten Nohl, exposed how the carriers’ weakly protected SS7 system can be hacked by just about anyone, without too much expense. The targets could include even U.S. Congress members, as well as the U.S. President if he uses the regular carrier network for calls–as President Obama did last year when he called Rep. Ted Lieu of California directly, according to Lieu.
Intelligence Agencies Must Take Responsibility For Weak Security
The phone networks both in the U.S. and abroad were built on weak security decades ago, in part because they didn’t realize how vulnerable these systems could be in the future, and in part because intelligence agencies wanted their phone calls to be easily intercepted. However, this has now backfired in a significant way, with any hacker from anywhere in the world being able to spy on phone calls or texts from a U.S. Congressman, or a judge, journalist, or anyone who they may deem a target.
This is yet another failure of the intelligence agencies and governments who put spying ahead of actual security. It’s now been proven again and again that when you put holes into a system’s security, those holes can be used by anyone once they’re discovered. It’s usually just a matter of time until those holes are discovered, but then it may take many more years to fix, because it’s too hard to get all the global phone carriers to upgrade to a more secure system all at once.
We’re now about to upgrade to another next-generation network, the 5G network, but yet again it doesn’t seem like security is a primary focus. With 5G supposed to arrive by 2020, and then last for at least another 7-8 years before upgrading to something else, we’re looking at another 10-15 years in which the security of the phone networks would be vulnerable to hackers.”
…Read more @ Tom’s Hardware