German researchers discover a flaw that could let anyone listen to your cell calls.
Source: Washington Post
German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale even when cellular networks are using the most advanced encryption now available.
The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the worlds cellular carriers to route calls, texts and other services to each other. Experts say its increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the worlds billions of cellular customers.
The flaws discovered by the German researchers are actually functions built into SS7 for other purposes such as keeping calls connected as users speed down highways, switching from cell tower to cell tower that hackers can repurpose for surveillance because of the lax security on the network.
snip
These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.
Read more: http://www.washingtonpost.com/blogs/the-switch/wp/2014/12/18/german-researchers-discover-a-flaw-that-could-let-anyone-listen-to-your-cell-calls-and-read-your-texts/
whereisjustice
(2,941 posts)L0oniX
(31,493 posts)Android3.14
(5,402 posts)...if criminals do it, then it's okay for the government to do it. That's why no one cares about the police killing unarmed people.
mindwalker_i
(4,407 posts)LiberalArkie
(15,715 posts)From the cell site it was the slow speed circuits. In fact because the small packets of handoff data used so little bandwidth, the cellular companies started selling off the excess bandwidth on the circuits from the cellular tower to the cellular switch (MTSO). The excess packets that they sold to customers were called SMS or text messages. I can understand how tapping into the SS7 network might get text messages, but I can't see voice.
Paulie
(8,462 posts)Post recorded decryption of the call streams:
The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each callers carrier release a temporary encryption key to unlock the communication after it has been recorded.