Tag Archives: Digital Security

US Cell Phone Networks Critically Vulnerable | Apr 2016

Serious Weaknesses seen in Cell phone Networks

– theHill

iphone_052715getty

“America’s digital adversaries may have spent years eavesdropping on officials’ private phone conversations through vulnerabilities in the global cell phone network, according to security experts.

A recent “60 Minutes” segment displayed the extent of the weakness, spurring government into action this week. Federal agencies vowed to investigate and Capitol Hill has begun looking into the issue.

Specialists believe countries like China, Russia and Iran have all likely exploited the deficiency to record calls, pilfer phone data and remotely track high-value targets.

“I would be flabbergasted if these foreign governments were not monitoring large numbers of American officials on their cell phones,” Rep. Ted Lieu (D-Calif.) told The Hill.

Lieu, who holds a bachelor’s degree in computer science, offered up his phone to German computer scientist Karsten Nohl to test the extent of the vulnerability on “60 Minutes.” Hackers were able to record Lieu’s calls, view his contacts and monitor his movements, armed with just the Los Angeles Democrat’s phone number.

Despite the government’s pledges to rectify the problem, Lieu and security researchers insist officials have lost valuable time.

The vulnerabilities have been known for several years, and even bubbled up in the media in late 2014. After the flaws came back into the spotlight, Lieu said the government failed to take basic steps.

For instance, he said, “I am still dumbfounded as to why I have yet to see an alert go out to members of Congress.”

Most telecom companies use decades-old protocols known as Signaling System No. 7 or SS7 to direct mobile communications around the world.

It is these protocols that are seen as insecure.

“The SS7 network was never designed to be secure,” explained Les Goldsmith, a researcher with Las Vegas security firm ESD. “It was originally a cable in Europe. It had no encryption.”

But SS7 serves a vital purpose. The network helps keep calls connected as users bounce from cell tower to cell tower, and routes text messages to their final location. It’s also how people get service when they travel to another country, outside the reach of their normal carrier.

The problem is that anyone who can gain entry to the SS7 system can also repurpose these signals and intercept calls and texts.

The attack surface is vast. There are over 800 cell phone networks around the world, each with roughly 100 to 200 interlocking roaming agreements with other networks, Goldsmith said.

That means virtually every cell phone network is interconnected, allowing hackers to potentially tap any phone, regardless of location. Lieu’s phone, for example, was infiltrated from Germany.

“The smallest carrier in the Middle East … can actually reach into AT&T and Verizon’s network,” said Christopher Soghoian, principal technologist for the American Civil Liberties Union (ACLU).

And the problem is not going away. SS7 will continue to be used for well over a decade, experts predict.

The system’s shortcomings are not news to many security researchers and even to some government officials.”

…Continue reading @ theHill.com

 

 

 

How hackers eavesdropped on a US Congressman using only his phone number

– ArsTechnica

ss7-surveillance-640x391

SS7 routing protocol also exposes locations, contacts, and other sensitive data.

“A US Congressman has learned first-hand just how vulnerable cellphones are to eavesdropping and geographic tracking after hackers were able to record his calls and monitor his movements using nothing more than the public ten-digit phone number associated with the handset he used.

The stalking of US Representative Ted Lieu’s smartphone was carried out with his permission for a piece broadcast Sunday night by 60 Minutes. Karsten Nohl of Germany-based Security Research Labs was able to record any call made to or from the phone and to track its precise location in real-time as the California congressman traveled to various points in the southern part of the state. At one point, 60 minutes played for Lieu a crystal-clear recording Nohl made of one call that discussed data collection practices by the US National Security Agency. While SR Labs had permission to carry out the surveillance, there’s nothing stopping malicious hackers from doing the same thing.

The representative said he had two reactions: “First it’s really creepy,” he said. “And second it makes me angry. They could hear any call. Pretty much anyone has a cell phone. It could be stock trades you want someone to execute. It could be a call with a bank.”

The hack was done by accessing Signalling System No. 7, or SS7, a telephony signalling language used by more than 800 telecommunication companies around the world to allow their networks to interoperate. SS7 is the routing protocol that, for instance, allows a T-Mobile subscriber to connect to the Deutsche Telekom network while traveling in Germany. It also provides a way for someone on one continent to send text messages to a phone located on another continent. SS7 also makes individuals’ subscriber data available to anyone with access to SS7.”

…Continue reading @ ArsTechnica, make sure to check out the Comments section….

 

Any phone can get hacked via a global cellular network vulnerability

– HotforSecurity

logo

 

 

“Vulnerability in the Signaling System Seven (SS7) has been recently exploited to track location, snoop on messages and phone calls on any type of smartphone, researchers found.

Karsten Nohl, a German hacker, demonstrated how, by leveraging the flaw, he was able to track all this personal information from an iPhone owned by US Congressman Ted Lieu.

First, it’s really creepy, and second, it makes me angry,” the Congressman said in a TV show.

The problem resides in SS7 or Signalling System Number 7 – a telephony signaling protocol used by more than 800 telecommunication operators around the world to exchange information with one another, cross-carrier billing, enabling roaming, and other features.

If one of the telecom operators is hacked, everyone is exposed and a large scale of information, including voice calls, text messages, billing information, relaying metadata and subscriber data, is open to interception.

Also, the vulnerability affects all phones, whether they’re running iOS or Android. Reportedly, the designing flaws in SS7 have been in circulation since 2014.

The people who knew about this flaw [or flaws] should be fired,” Lieu added. “You can’t have 300-some Million Americans—and really, right, the global citizenry — be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data.”

The best way users can protect conversations and mobile data is to encrypt it before it leaves the smartphone.”

…More @ HotforSecurity

 

 

Rep. Ted Lieu Blames NSA For Unpatched Carrier Vulnerability That Allowed His Calls To Be Intercepted On ’60 Minutes’

– Tom’s Hardware

th3

“Back in December 2014, several white hat hackers, including Karsten Nohl, exposed how the carriers’ weakly protected SS7 system can be hacked by just about anyone, without too much expense. The targets could include even U.S. Congress members, as well as the U.S. President if he uses the regular carrier network for calls–as President Obama did last year when he called Rep. Ted Lieu of California directly, according to Lieu.

Intelligence Agencies Must Take Responsibility For Weak Security

The phone networks both in the U.S. and abroad were built on weak security decades ago, in part because they didn’t realize how vulnerable these systems could be in the future, and in part because intelligence agencies wanted their phone calls to be easily intercepted. However, this has now backfired in a significant way, with any hacker from anywhere in the world being able to spy on phone calls or texts from a U.S. Congressman, or a judge, journalist, or anyone who they may deem a target.

This is yet another failure of the intelligence agencies and governments who put spying ahead of actual security. It’s now been proven again and again that when you put holes into a system’s security, those holes can be used by anyone once they’re discovered. It’s usually just a matter of time until those holes are discovered, but then it may take many more years to fix, because it’s too hard to get all the global phone carriers to upgrade to a more secure system all at once.

We’re now about to upgrade to another next-generation network, the 5G network, but yet again it doesn’t seem like security is a primary focus. With 5G supposed to arrive by 2020, and then last for at least another 7-8 years before upgrading to something else, we’re looking at another 10-15 years in which the security of the phone networks would be vulnerable to hackers.”

…Read more @ Tom’s Hardware

 

Digital Security | Mar 2016

Gmail will now warn you if you’re being targeted by the government

– Digital Trends

gmail-big-app-2-640x0

Apple isn’t the only company fighting against government-backed cyber attacks.

While Apple and the FBI bicker over user security, Google is bringing security into the public eye in a different way – by simply telling you what’s going on. The company will be increasing the visibility of Gmail security warnings to try and help people better protect themselves when sending and receiving emails.One of the changes is the expansion of the “safe browsing” notifications, which basically tell you when you’re about to open a suspicious link from an email. These warnings will show up when a link is clicked, but before the link actually opens, presenting users with one final option to retreat instead of visiting the page.

Google is also continuing the fight against state-sponsored attacks, showing a full-page warning when it thinks you’re being targeted by a government-backed hacker. Google does mention in a blog post that less than 0.1 percent of Gmail users will be receiving this warning, however, it highlights the importance of the warnings because of the fact that the people getting them are often journalists, policy-makers, and activists.”

…Continue reading @ Digital Trends

 

Digital Security in an Age of Terror – Feb 2016

Federal Court Orders Discovery Into The Clinton Emails And Suggests The Possibility of Subpoenas To Force Disclosures

– Jonathanturley.org

hr6

“U.S. District Judge Emmet G. Sullivan sent shockwaves through Washington yesterday by ruling that State Department officials and top aides to Hillary Clinton will be subject to discovery on whether they intentionally violated federal open records laws by using or allowing the use of a private email server throughout Clinton’s tenure as secretary of state from 2009 to 2013.

sullivan

The case opens up another front for Clinton who is facing rising criticism over her decision to exclusively use her own private server for communications as Secretary of State — a decision that gave her control over her email system but exposed classified information to interception. The State Department supplied a secure system for her use but Clinton opted not to use that system. Over 1,700 emails on Clinton’s private email system have been classified (22 at the highest level of “top secret”).

While Clinton insists that the information was not marked classified at the time, that is not the test under federal law. Yet, this case concerns the use of the private server to circumvent open record laws. The court also indicated that it may order subpoenas for Clinton officials in light to the failure to fully disclose information. Sullivan, who I have appeared before regularly over the last two decades, is a widely respected judge and a Clinton appointee.

jt11

Sullivan noted that it is not clear that senior State Department officials were aware that Clinton had decided not to use the protected or secure State Department system. He cited a January 2009 email exchange including Undersecretary for Management Patrick F. Kennedy, Clinton chief of staff Cheryl D. Mills and Huma Abedin about establishing a “stand-alone network” email system. Now that it is also confirmed that top secret information was discussed on Clinton’s private server, any discovery is likely to cause both political and legal problems for the Clinton camp. First, any depositions might result in refusals to testify by key officials. The invocation of Fifth Amendment protections against self-incrimination would have significant political impacts. After all, no one would suggest that Sullivan is part of a right-wing conspiracy or runaway investigation. The refusal to testify would reflect the real danger of tripping the wire on federal classification laws as well as more general concerns that statements conflicting statements with those government investigators could trigger charges under 18 U.S.C. 1001. Second, depositions raise the explosive potential of an aide admitting that the email system was understood to be an effort to retain control of the email system and evade federal laws.”

…Continue reading @ JonathanTurley.org

 

Federal Court Grants Judicial Watch Discovery on Clinton Email Issue

– Judicial Watch

usc1

Judicial Watch Will Seek Testimony from Current and Former Obama Administration Officials

(Washington, DC) – Judicial Watch announced that District Court Judge Emmet G. Sullivan today granted Judicial Watch’s motion for discovery into whether the State Department and former Secretary of State Hillary Clinton deliberately thwarted the Freedom of Information Act (FOIA) for six years.  The developments come in a Judicial Watch FOIA lawsuit that seeks records about the controversial employment status of Huma Abedin, former Deputy Chief of Staff to Clinton.  The lawsuit was reopened because of revelations about Clinton’s separate email records (Judicial Watch v. U.S. Department of State (No. 1:13-cv-01363)).

Judge Sullivan initially announced his ruling from the bench during a hearing this morning and, over the objections of the State Department, authorized Judicial Watch to submit a plan for “narrowly-tailored discovery.”  Judge Sullivan is also considering whether to order the State Department to subpoena all the emails on the clinton.com email system.”

….Continue reading @ JudicialWatch.org

 

McCaul and Warner want to build an army of tech experts and spies to try and catch terrorists when they ‘go dark’

– BusinessInsider.com

senator-mark-warner-reuters

“Rep. Michael McCaul (R-TX) and Sen. Mark Warner (D-VA) will soon formally propose a digital security commission with aims to bring stakeholders together to discuss and propose solutions to “security and technology challenges in the digital age.”

“The technology is way in front of the policymakers and the law,” McCaul said at an event at the Bipartisan Policy Center on Wednesday.

Warner remarked on his fear that the relationship between the intelligence community and the tech sector had become adversarial as the two sides “talk past each other” when the they ought to be cooperating.

At the heart of the committee is the delicate balance between the needs (and wants) of investigators seeking encrypted information and the rights and privacy of the American public.

“There are tensions,” Warner said, “but we want to maintain American innovation, we want to maintain America’s privacy rights, and we definitely want to make sure Americans are safe from acts of terror and criminal acts.”

The pairing of McCaul, the chair of the House Committee on Homeland Security and a former federal prosecutor, and Warner, a former tech and telecommunications investor , is emblematic of the cooperation that the two hope to bring forth with a committee that would include representatives from Silicon Valley, the FBI, privacy advocates, encryption experts, and law enforcement agencies.

The issue of criminals using encryption to hide their tracks — known as “going dark” — has been brought into the spotlight by Apple’s public battle with the FBI over creating a “backdoor” for investigators to access the encrypted iPhone of Syed Farook, the suspected shooter in the San Bernardino attack last December.

A similar discussion arose surrounding the assertion that encryption was used in the planning of the November 2015 Paris attacks, though the extent to which encryption was actually used remains unclear.”

Read more @ Business Insider

– Actually the headline from BI is a bit over the top the content, outrunning it as it were.

– A more in depth article was done by the Hill in Dec 2015:

 

Homeland chair moves to rein in ‘dark’ networks

-TheHill.com

hacker_gettyimages111

“The head of the House Homeland Security Committee is pushing a new initiative to deal with the proliferation of encrypted devices that critics say allow terrorists to communicate without detection.

The effort by Chairman Michael McCaul (R-Texas) will not force concessions on tech companies, he said Monday.

Instead, it would create “a national commission on security and technology challenges in the digital age,” which McCaul promised would be tasked with providing specific recommendations for dealing with an issue that has become a priority for law enforcement officials.

McCaul is planning to introduce his bill in the coming days. The new commission would be composed of tech industry leaders, privacy advocates, academics and law enforcement officials.

McCaul’s push could prove to be a middle ground in the debate over encryption, which has created a rift between Silicon Valley and federal officials in Washington.

Leaders at the FBI and elsewhere warn that the increasingly common use of unbreakable encryption makes it impossible for them to obtain a suspect’s communications even with a warrant.

Yet tech companies and privacy supporters say that weakening the technology would make everybody less safe. A vulnerability allowing the FBI to access someone’s messages could easily be exploited by Chinese spies or nefarious hackers, they note.

McCaul’s idea went over well with at least one of Capitol Hill’s staunchest encryption defenders.

Rep. Will Hurd (R-Texas), a former cybersecurity consultant and CIA agent who chairs an important House subcommittee on information technology, said McCaul’s proposed commission could help define “specifically, what are those challenges that law enforcement is facing?”

“The problem that I’ve seen is that the tech community and the law enforcement community, everybody’s talking past each other,” he told The Hill.”

…Read more @ The Hill by Julian Hattem.

– My question would be, why set  up whole infrastructures to spy and investigate US citizens, when the people at the top are fully capable of exposing top secrets to our most serious adversaries?

Another point would be to shut access to money and techologies. If most wireless carriers requires several serious forms of ID for a cell phone account, why is it still so easy to buy a ID-less cell phone?