A Rallying Cry for Manufacturers and Carriers!

 


Around 8 months ago 60 Minutes aired one of its more disturbing pieces. Forget about Apple vs the FBI, Google and privacy, WhatsApp storing your data on local servers, or Facebook and data mining – unless the masses are truly lazy & complacent on a global basis, this is one issue that must be addressed!

This involves a little-known item called Signaling System #7 (SS7). SS7 is at the virtual heart of our cellular communications systems. All providers use it: it routes texts and calls, enables mobile phones to roam across telecommunication providers worldwide, and keeps your “calls connected as users speed down highways, switching from cell tower to cell tower.” This applies to Apple, Android, BlackBerry, and Windows phones.

Before I go any further, let’s end the debate before it starts. In the 60 Minutes demonstration it was disclosed that German authorities had allowed Luca Melette (a German whitehat hacker) access to SS7 so he could demonstrate the vulnerabilities. Many people argue that this is now a publicity stunt/scare tactic because the deck was stacked to make for a more chilling report. This argument is flawed for 2 reasons: 1) it’s better that they didn’t show Mr Melette hacking into the system, for obvious reasons, and 2) this hack has in fact occurred – “a recent analysis by a French Telco revealed a huge spike in SS7 queries from Africa and the Middle East which far exceeded the number of phones roaming in those regions; this suggests the SS7 ‘Any-Time-Interrogation’ (ATI) queries for subscriber information and location were done for illicit purposes such as espionage or criminal fraud.”

So here’s the issue:

In August last year the Washington Post published a story alleging that makers of surveillance systems are offering government and other clients around the world access to SS7 to track the movements of anyone who carries a cell phone; a use that goes far beyond the original intentions of the system, and which raises substantial privacy and commercial espionage concerns. It is no revelation of course that intelligence agencies such as the US National Security Agency or the Australian Signals Directorate, part of the so-called five-eyes communications spying alliance, have such powers. But the Post story raised legitimate concerns at the time that a rogue government could access the SS7 portal to track political dissidents or to conduct economic espionage on a competitor country. What the story did not detail was that SS7 access can also allow remote bugging of any mobile phone user’s calls, which is the hack 60 Minutes has now demonstrated is possible.

Forget about terrorists, drug dealers, money launderers, murderers, child pornographers, human traffickers, etc.; there is a system already in place where authorities and scum-bags can track you, listen to every call and extract financial and other personal information simply by tapping into SS7. It’s about time consumers, Carriers, and phone manufacturers unite on a global basis to ensure this system has sufficient security and policies in place to thwart any future intrusions into our privacy.

Please call your local officials, write your elected officials and send them links to the YouTube video – this type of intrusion MUST STOP NOW!

 

 

source¹

source²

Rob

kayaker co-pilot Tucson, it's a dry heat!

  • Jope28

    This is scary stuff.
    Hopefully encrypted VOIP calls become mainstream.

    One person’s “rogue government” is another person’s “legitimate” government.
    That’s part of being in a small community of 3 Billion people lol

    We’ll all be fluent in Newspeak soon lol

    • Sudnadja

      I imagine encrypted VOIP calls are exploitable through PICARESQUE already.

  • Anthony
    • razrrob

      Thanks Anthony, I read that article. Unfortunately, BlackBerry has addressed security for the enterprise side, but consumers have no protection.
