
Hackers on new “secure” phone networks can bill your account for their roaming charges

I have good news! The infamous SS7 networks used by mobile operators to interoperate, e.g. when you’re roaming — which were built on trust, essentially devoid of security, and permitted rampant fraud, SMS hijacking, eavesdropping, password theft, etc. — are being replaced. Slowly. But I have bad news, too! Which is: the new systems still have gaping holes.

One such was described at the Def Con hacking convention today by Dr. Silke Holtmanns of Nokia Bell Labs. She gave a fascinating-to-geeks-like-me summary of how the IPX network which connected five Scandinavian phone systems in 1991, using the SS7 protocol suite secured entirely by mutual trust, has grown into a massive global “private Internet” connecting more than two thousand companies and other entities. It is this private network-of-networks which lets you fly to another country and use your phone there, among many other services.

The quote which stood out most starkly from her slides regarding IPX was this: “Security awareness only recently started (2014).” 😮 That’s … awfully late to start thinking about security for a massive semi-secret global network with indirect access to essentially every phone, connected car, and other mobile/SIM-card enabled device on the planet. He understated grimly.

Still, better later than never, right? A new protocol, called Diameter, is slowly lurching into place, in fits and starts. (Technically the old system used two protocol suites, SS7 and Radius: Diameter is the successor to Radius, but flexible enough that it can and will absorb SS7’s functions too.) Alas, even Diameter has at least one flaw: its so-called “hop-by-hop” routing can be used by an attacker to spoof an endpoint, i.e. to pretend to be a company which they aren’t.

This, combined with the ability to harvest a unique ID number (known as the IMSI) from a phone, with a device such as a Stingray, and the ability to request a re-assessment of a phone’s quality of service and billing information at any point, ultimately means that a capable hacker could upgrade their phone service at your expense … or downgrade your service to e.g. 2G-only, while roaming, if they were feeling more malicious than greedy.

2G-only! The horror! OK, this is a lot better than the long litany of fundamental flaws to which SS7 was vulnerable, but it’s still sad. Worst of all is the list of countermeasures that Dr. Holtmanns suggested. There is a long list of things which companies and operators on the IPX network can do to fix or mitigate this vulnerability; but if you’re a user? All she can recommend is “check your bill” and “keep an eye on the news.”

This is yet another instance of what I call “the trustberg.” When you pick up your phone, because your bank texted you a one-time password, or to text something private, do you even know who you’re trusting to keep your texts and accounts unhacked? The bank itself, and Google or Apple, sure. Whatever Android app handles your texts, maybe. But it turns out this is only the tip of the trustberg.

Power generation and distribution; water and sewers; food processors and grocery trucks; industrial control systems; emergency response systems; microprocessor manufacturers; phone and satellite networks. We assume that somewhere, in some distant room, teams of competent grown-ups are taking care of these systems and making sure they’re safe — right?

Which is why coming to hacker conventions (such as the infamous Def Con, from which I write this) is always such a sobering, saddening experience. Two days ago I wrote about satellite communications devices compromised worldwide … mostly because, it turns out, they relied on hardcoded, easily cracked passwords for “security.” Now I’m writing about new, improved security after a decade of catastrophic failures … and it’s still not actually secure. We can hope the even more important infrastructure I listed above is better taken care of … but the more hacker cons I go to, the harder this hope becomes.

from TechCrunch

