SS7 Attacks Getting Serious

Hello all,

Mobile networking experts at Positive Technologies security firm  showed a new attack method that uses the Signaling System No. 7 (SS7)  mobile telecommunications protocol to impersonate mobile users and receive messages intended for other people.

They only used a cheap laptop running Linux and an SDK to interact with the SS7 protocol, for the proof-of-concept demonstration.

Developed in 1975, SS7 allows telco operators to interconnect fixed line and/or mobile telephone networks. It was never updated properly and is outdated.

Ever since 2014, security experts have warned about this.

Two talks given by researchers at the 31st Chaos Communication Congress in Germany highlighted its risks. Positive Technologies released  an in-depth report about the protocol’s issues in December 2014. And recently, a CBS researcher with the help of a German security firm, proved a point by tracking and spying on  on a US elected official.

Positive Technologies has put out a blog post which details an SS7-based attack on encrypted communications carried out via apps such as WhatsApp and Telegram.

Using their Linux laptop, the researchers spoofed a mobile network node and intercepted the initial phase of a chat between two users of an encrypted app.

Encrypted apps they’ve tested use SMS authentication to identify and authenticate users participating in encrypted conversations, so without breaking  the app’s encryption, the researchers simply impersonated the second person in an encrypted communications channel. The loopholes leveraged for this exercise was detailed in their 2014 research paper.

Through this demonstration, it was proved that surveillance agencies don’t necessarily need to crack encryption to spy on users, and can very well use the existing mobile networking infrastructure to carry out such operations.


Source: Akati

Comments are closed.