Submission + - Researchers discover SS7 flaw, allowing total access to ANY cell phone anywhere. (www.zeit.de)
krakman writes: Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.
The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging Chancellor Merkels phone earlier.
Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.
Another result of Security being thought of after the fact, as opposed to part of the initial design.
The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging Chancellor Merkels phone earlier.
Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.
Another result of Security being thought of after the fact, as opposed to part of the initial design.