Cellular serves as an open door for hackers, writes the Washington Post.
The errors, which will be presented at a hacker conference Hamburg this month, is the latest evidence of extensive gaps in the so-called SS7 system.
The system is used in Norway
SS7 is a global system, and is also used in Norway confirms the NPT Aftenposten.
The system is from 1980, but is still part of the technical foundation for the world’s mobile traffic.
SS7 makes the world mobile networks able to redirect calls, text messages and other services to each other.
Such a system is needed that conversation should not be broken when driving down a highway and a new base station must take over the conversation.
Can hacked from other side of the world
It is also linked to most of the world telephony networks and helps to ensure that a phone in Norway can communicate with a phone in Australia.
The experts say now that it is becoming increasingly clear that the system, which was developed in 1980, is very uncertain.
– There have periodically emerged indications that vulnerabilities in SS7 can be exploited including through Snowden revelations. Little concrete has been publicly known about this.
– The NPT has not been aware of the weaknesses have been exploited beyond what has come to Snowdenavsløringene, writes director Einar Lunde NPT in an email to Aftenposten.
– What, if anything, has been done to plug the gaps?
– There has not been any contact with providers about this. writes Lunde.
Locked front door – wide open backdoor
Even though the owners of mobile network spending millions of dollars on 3G technology to improve security on their systems, they must still communicate with unsecured mobile network via SS7, which makes security technology virtually useless.
– It is as if you secure your front door but leave the back door standing wide open, says Tobias Engel, one of the German scientists, to the Washington Post.
Can find users and intercept them
A single unsecured mobile networks across the world can be used to gain access to more secure networks in Norway.
According to Washington Post hackers with knowledge of SS7s many functions locate mobile users anywhere in the world, listen to phone calls as they happen or take up hundreds of encrypted calls and text messages at a time.
Believe it needed global solution
– The described problemsillingen is fundamental, global and must find its solution this context. SS7 is very important for PSTN / mobile infrastructure, and is used both for internal signaling in the network, as well as for interconnection and settlement between networks. SS7 therefore can not be abolished soon. It is believed that SS7 gradually replaced by a packet switched solution with SIP signaling. The problem is inherited: SS7 was designed to go between telecommunications operators in a proprietary, circuit-switched and thus protected environment, but has been opened up including using SS7 over IP (Sigtran).
– What is the probability of further exploitation of this from criminal / hackers?
– Maybe not so great on short term but in the longer term, we must assume that hackers could exploit this or related vulnerabilities if solutions are not in place, recognizing Lunde.
Monitoring can be automated
According to the second researcher Karsten Nohl, the process of addressing and decrypt calls automated, giving the possibility of decrypting and recording calls on a massive scale.
– Everything is automated by a keystroke, said Nohl Washington Post.
The researchers have tested the automated recording and decryption of over 20 networks worldwide, and on all networks have neither test worked, according to Nohl.
Published:
No comments:
Post a Comment