Cell Phone hack flaws

Discussion in 'other security issues & news' started by CloneRanger, Dec 19, 2014.

  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,869
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,087
    SS7 Attacks and Potential Breaches in Telecommunication Leading to Chaos.The Ukraine case.
    http://securityaffairs.co/wordpress/31598/intelligence/ss7-attacks-ukraine.html

     
  3. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    167
    I came across an interesting article concerning the insecurities of cellular networks and how a mobile user could be tracked easily from the other side of the world with only the phone number being available to the attacker.

    Eye opening stuff. Within the article are videos of 2 researchers who presented in Germany last month.

    http://threatpost.com/cellular-privacy-ss7-security-shattered-at-31c3/110135
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    22,254
    Location:
    U.S.A.
    Merged Threads to Continue Related Topic.
     
  5. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    167
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,672
    Location:
    The Netherlands
  7. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    167
    I read about this just the other day. Scary to think that the NSA or GCHQ would hack the SIM card manufacturer for the keys.

    I also noticed Karsten Nohl of SR Labs, the Snoopsnitch app developers, were mentioned in the article.

    Either way, I'd say the abuse of SS7 is more readily available to organizations (ie. police, investigative organizations, etc) as Karsten pointed
    out in the video.
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,249
  9. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Gemalto confirms NSA and GCHQ infiltration, but no major theft of SIM keys
    http://itsecurityguru.org/gemalto-confirms-nsa-gchq-infiltration-major-theft-sim-keys/
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,087
    SS7 flaw allows hackers to spy on every conversation
    http://securityaffairs.co/wordpress/39409/cyber-crime/ss7-flaw-surveillance.html
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,528
    I thought this was another attack that targets the devices themselves according to thread title, but wow...
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,087
    Adaptivemobile finds evidence of the real damage of global SS7 attacks
    http://www.freshnews.com/news/1140870/adaptivemobile-finds-evidence-real-damage-global-ss7-attacks
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,087
    How hackers eavesdropped on a US Congressman using only his phone number
    http://arstechnica.com/security/201...a-us-congressman-using-only-his-phone-number/
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,087
    SS7 Attack Leaves WhatsApp and Telegram Encryption Useless
    http://news.softpedia.com/news/ss7-...-and-telegram-encryption-useless-503894.shtml
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    58,945
    Location:
    Texas
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,087
    Hackers can abuse LTE protocols to knock phones off networks
    http://www.computerworld.com/articl...e-protocols-to-knock-phones-off-networks.html
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,087
    https://www.theregister.co.uk/2017/03/15/ss7_cellphone_spying_flaw_still_unfixed/
     
  18. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,168
    Location:
    DC Metro Area
    "Privacy hawks in Congress call on Homeland Security to warn Americans of SS7 hacking threat...

    Oregon Senator Ron Wyden and California Representative Ted Lieu are pressing the Department of Homeland Security (DHS) on a mobile network vulnerability that they consider to be a systemic digital threat. In a new joint letter, the two members of Congress questioned DHS Secretary John Kelly about flaws inherent in Signaling System 7 (SS7), a global telecommunications protocol that allows phone networks to route calls and texts between users

    In a study publicized during a 2014 security conference in Hamburg, researchers demonstrated how hackers could insert themselves into a device’s call-forwarding function, redirecting calls, and any private information discussed therein, to themselves before bouncing them back to the receiver. In another SS7 technique, hackers could collect nearby texts and calls using a dedicated antenna, going so far as to obtain temporary encryption keys from a wireless carrier, which would later be used to decrypt the content of the correspondence. According to the researchers, end-to-end encryption — widely considered to be the most robust mobile precaution a user can take — could withstand such an attack, but the vast majority of users do not employ such measures...

    ...Some digital privacy advocates suggest that there is little focus on the vulnerability of SS7 because governments are actively exploiting it in their own spying efforts. For example, SS7 tracking systems pair well with IMSI catchers (more commonly called “Stingrays“) used by some U.S. law enforcement agencies, zeroing in on a target’s general location in order to intercept their communications...."

    https://techcrunch.com/2017/03/15/ss7-congress-dhs-wyden-lieu/

    "Suspicious cellular activity in D.C. suggests monitoring of individuals' smartphones...

    ...ESD America, hired preemptively for a DHS pilot program this January called ESD Overwatch, first noticed suspicious activity around cell phone towers in certain parts of the capital, including near the White House. This kind of activity can indicate that someone is monitoring specific individuals or their devices...

    DHS confirmed the pilot program but did not comment on the suspicious activity.

    'The Overwatch system is part of a 90-day pilot that was initiated on January 18, 2017,” the agency said in a statement. “The Overwatch System is managed by DHS, through ESD America Inc., a defense and law enforcement technology provider that provides technical security assistance to government and corporate clients.'...

    ...According to the ESD America source, the first such spike of activity was in D.C. but there have been others in other parts of the country."

    http://www.cbsnews.com/news/suspici...ggests-monitoring-of-individuals-smartphones/
     
    Last edited: Mar 17, 2017
Loading...