SS7 Attacks and Potential Breaches in Telecommunication Leading to Chaos.The Ukraine case. http://securityaffairs.co/wordpress/31598/intelligence/ss7-attacks-ukraine.html
I came across an interesting article concerning the insecurities of cellular networks and how a mobile user could be tracked easily from the other side of the world with only the phone number being available to the attacker. Eye opening stuff. Within the article are videos of 2 researchers who presented in Germany last month. http://threatpost.com/cellular-privacy-ss7-security-shattered-at-31c3/110135
Snoopsnitch application mentioned in second video. I've given this a try and it works quite well at detecting what it suppose to. https://opensource.srlabs.de/projects/snoopsnitch
This has also been in the news lately, Gemalto's stock price got hit hard: http://blogs.wsj.com/briefly/2015/02/20/5-questions-about-the-gemalto-hack/
I read about this just the other day. Scary to think that the NSA or GCHQ would hack the SIM card manufacturer for the keys. I also noticed Karsten Nohl of SR Labs, the Snoopsnitch app developers, were mentioned in the article. Either way, I'd say the abuse of SS7 is more readily available to organizations (ie. police, investigative organizations, etc) as Karsten pointed out in the video.
Gemalto confirms NSA and GCHQ infiltration, but no major theft of SIM keys http://itsecurityguru.org/gemalto-confirms-nsa-gchq-infiltration-major-theft-sim-keys/
SS7 flaw allows hackers to spy on every conversation http://securityaffairs.co/wordpress/39409/cyber-crime/ss7-flaw-surveillance.html
I thought this was another attack that targets the devices themselves according to thread title, but wow...
Adaptivemobile finds evidence of the real damage of global SS7 attacks http://www.freshnews.com/news/1140870/adaptivemobile-finds-evidence-real-damage-global-ss7-attacks
How hackers eavesdropped on a US Congressman using only his phone number http://arstechnica.com/security/201...a-us-congressman-using-only-his-phone-number/
SS7 Attack Leaves WhatsApp and Telegram Encryption Useless http://news.softpedia.com/news/ss7-...-and-telegram-encryption-useless-503894.shtml
Hackers can abuse LTE protocols to knock phones off networks http://www.computerworld.com/articl...e-protocols-to-knock-phones-off-networks.html
"Privacy hawks in Congress call on Homeland Security to warn Americans of SS7 hacking threat... Oregon Senator Ron Wyden and California Representative Ted Lieu are pressing the Department of Homeland Security (DHS) on a mobile network vulnerability that they consider to be a systemic digital threat. In a new joint letter, the two members of Congress questioned DHS Secretary John Kelly about flaws inherent in Signaling System 7 (SS7), a global telecommunications protocol that allows phone networks to route calls and texts between users In a study publicized during a 2014 security conference in Hamburg, researchers demonstrated how hackers could insert themselves into a device’s call-forwarding function, redirecting calls, and any private information discussed therein, to themselves before bouncing them back to the receiver. In another SS7 technique, hackers could collect nearby texts and calls using a dedicated antenna, going so far as to obtain temporary encryption keys from a wireless carrier, which would later be used to decrypt the content of the correspondence. According to the researchers, end-to-end encryption — widely considered to be the most robust mobile precaution a user can take — could withstand such an attack, but the vast majority of users do not employ such measures... ...Some digital privacy advocates suggest that there is little focus on the vulnerability of SS7 because governments are actively exploiting it in their own spying efforts. For example, SS7 tracking systems pair well with IMSI catchers (more commonly called “Stingrays“) used by some U.S. law enforcement agencies, zeroing in on a target’s general location in order to intercept their communications...." https://techcrunch.com/2017/03/15/ss7-congress-dhs-wyden-lieu/ "Suspicious cellular activity in D.C. suggests monitoring of individuals' smartphones... ...ESD America, hired preemptively for a DHS pilot program this January called ESD Overwatch, first noticed suspicious activity around cell phone towers in certain parts of the capital, including near the White House. This kind of activity can indicate that someone is monitoring specific individuals or their devices... DHS confirmed the pilot program but did not comment on the suspicious activity. 'The Overwatch system is part of a 90-day pilot that was initiated on January 18, 2017,” the agency said in a statement. “The Overwatch System is managed by DHS, through ESD America Inc., a defense and law enforcement technology provider that provides technical security assistance to government and corporate clients.'... ...According to the ESD America source, the first such spike of activity was in D.C. but there have been others in other parts of the country." http://www.cbsnews.com/news/suspici...ggests-monitoring-of-individuals-smartphones/
