
The Critical Hole At the Heart Of Our Cell Phone Networks (wired.com) 32

An anonymous reader writes: Kim Zetter from WIRED writes an intriguing report about a vulnerability at the heart of our cell phone networks. It centers around Signaling System No. 7 (SS7), which refers to a data network -- and the protocols or rules that govern how information gets exchanged over it. Zetter writes, "It was designed in the 1970s to track and connect landline calls across different carrier networks, but is now commonly used to calculate cellular billing and send text messages, in addition to routing mobile and landline calls between carriers and regional switching centers. SS7 is part of the telecommunications backbone but is not the network your voice calls go through; it's a separate administrative network with a different function." According to WIRED, the problem is that SS7 is based on trust -- any request a telecom receives is considered legitimate. In addition to telecoms, government agencies, commercial companies and criminal groups can gain access to the network. Most attacks can be defended with readily available technologies, but more involved attacks take longer to defend against. T-Mobile and AT&T have vulnerabilities with fixes that have yet to be implemented, for example.

  • Didn't I read the same story a week ago on slashdot?
    • You heard about it on 60 Minutes last week: http://www.cbsnews.com/news/60... [cbsnews.com].

    • by Striek ( 1811980 )

      Not exactly. This is Wired covering the story - the same story that The Guardian covered two weeks ago [theguardian.com] showed up here on the 18th [slashdot.org] of this month.

      It's the same story essentially. If you follow the research back far enough you'll find the same sources. But Wired does, IMHO, a far better job of covering it.

      (Too bad they jumped on the anti-adblock bandwagon. Their reporting has always been top notch.)

    • It has been discussed literally for decades, too. There was talk at Bell Labs about this in the 1980s.
  • by Anonymous Coward

    With all of the attempts to hobble encryption and force companies to cooperate with authorities against consumers, people are assuming this is anything but intentional? The only "bug" in this system from the government's perspective is that people besides them can now exploit it. The cell network from its inception could have probably been designed with much more security, privacy and redundancy without too much additional effort. But all of that would have made warrantless use of stingrays, call records s

  • Why the euphemism (Score:3, Insightful)

    by Wootery ( 1087023 ) on Friday April 29, 2016 @09:32AM (#52012361)

    vulnerabilities with fixes that have yet to be implemented

    Unfixed vulnerabilities, then.

  • by TheRealHocusLocus ( 2319802 ) on Friday April 29, 2016 @10:56AM (#52012923)

    Geez... IF ONLY the ability to hack into the signalling network and make some free calls was the worst of our problems. What a wonderful world that would be.

    How about... the fact that you are probably within a thousand feet of a cell tower that is too bloody stupid to connect your cell phone with your neighbor's cell phone? How we made a transition over the last couple of decades from a Bell Standard Practice of completely autonomous wired phone systems [slashdot.org] in hardened buildings, each with the capability to provide complete functionality and call completion to its area served so long as you keep a single generator running... and if your neighboring cities or counties keep the generators in their buildings running, you can call them too...

    To a cell phone patchwork abortion of distributed virtual networks. Now, depending on the size of your state, instead of dozens there are hundreds, even thousands of emergency generators that must keep running if grid power fails, some on towers that are necessary to connect the edge networks with a fragile few, centralized CO/HLR platforms [slashdot.org] to handle roaming and billing, which may be hundreds of miles and several hops away. As one AC in the linked thread says, "A large wireless carrier for example has three switches for the entire state. What that means is if that central switch goes down, you cannot call people local to your area/CO."

    So to describe it in layman's terms, if you wanted to complete a call on a Bell network the answer was FUCK YEAH, so long as it didn't have too many different digits. For cell phones the answer is FUCK NO BY DEFAULT unless a deliciously complicated procedure involving connectivity and negotiation to distant computers completes quickly and successfully. This system was built out by telecommunications engineers making a series of decisions. Each decision made the system more fragile, and they kept making them for years. It was always someone else's job to look at the whole and say, "Well sheeit. This is a whole lot stupider than the system it is replacing, if something bad happens." And that someone else never showed up for work. These engineers were all grown-ups, but their collective decision was infantile.

    So enjoy your 2G and your 3G and your 4G while it lasts. Dance on Ma Bell's grave and laugh at those gutted terminal boxes in your neighborhood with their covers off, raindrops dripping off the rainbow of copper wires going nowhere. But unlike the 'dark ages' of the 1970s, should something go wrong and the power goes out and it becomes critical for communities to communicate with one another, it's all the way back to Pony Express, baby. Better gas up yer horse.

    • by Lumpy ( 12016 )

      Your cellphone can't connect to your friend's cellphone next to you for one reason only.... you can't be billed for that so it will never happen.

      The tech is there, the devices are capable of it, the cellphone companies don't want you to have it.

      • Your cellphone can't connect to your friend's cellphone next to you for one reason only.... you can't be billed for that so it will never happen.

        I was not suggesting that there should be some directly integrated peer-to-peer cellphone protocol, though that would be nice. It would result in us having walkie-talkies that work rather than nothing at all.

        The problem is that there was never any real mandate to ensure that your 'local' phones have any local functionality.
        Towns, cities and counties have no guarantee that their cell phones will work at all if their network becomes isolated.
        No guarantees, no responsibility, no problem.

        If this was ever discov

        • by LDAPMAN ( 930041 )

          This really is a serious issue. Even if the system is not damaged during an emergency, it can be overwhelmed and we lose the ability to communicate. We definitely need to push for reliability standards as the cell system is no longer an auxiliary channel but is the main voice communications system.

        • And I just love drive by meta-mods tagging P and GGP as 'overrated'. Little techno-babies needing to put their fingers in their ears to shut out bad men who talk about the grid going down for any reason, and how it might affect them.

          Don't get me wrong, I am blown away by the technology and consider it a Good Thing. But it was incredibly dumb to completely disregard area-autonomous operation. It was dereliction of duty for the feds not to step in early and mandate it. It's not a wireless thing either. You n

    • 0 - None of this has to do with the 'old days', when roaming cost real $, and carriers were competitive with each other at the local market level?

      1- Nor does it have to do with the old 'wireline' v 'non-wireline' distinctions?

      2 - When wireline ruled, all you really needed in the CO were those old batteries, charged and ready, to survive maybe 48 hours without utility power. Fire off the generators 4 hours in if it seemed desperate. Of course, you should then start calling around to get spare battery packs

    • We're all dooooooomed!

  • Pssh (Score:4, Insightful)

    by Anonymous Coward on Friday April 29, 2016 @12:05PM (#52013521)

    It's not complicated. Previously control signals had been sent in-band with the data. This allowed malicious users to hijack the phone system. It used to be as simple as playing a 2600Hz tone... you could make untraceable calls, eavesdrop on others' calls, etc. etc. etc.

    So along comes SS7. It makes one change: Signalling is now done out of band on a separate channel from the data. This prevents malicious users from sending control signals over the line without access to SS7 facilities. However, it does not prevent those with administrative access to an SS7 facility from doing malicious things. In fact, this is exactly why the NSA sets up people at your local telecom... because by having administrative access they can view all traffic.

    You can encrypt your communications to stop typical malicious users (it won't be effective against determined state actors). But how do you prevent an SS7 administrator from seeing where you are calling from, where you are calling to, when you switch towers, the duration of the call, etc. etc. when the SS7 system needs that information to connect your call and provide billing? What fix would resolve this?

    How is hijacking an SS7 switch any different than hijacking an internet backbone router?
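
Added example, not part of the original comment: a toy Python model of the in-band versus out-of-band distinction described above, showing that moving control off the voice channel stops tone-based signalling but leaves every party on the signalling link trusted. The 8 kHz sample rate, the state names, the `RELEASE` label and the peer names are assumptions made for illustration, not real SS7 encodings.

```python
import math

SAMPLE_RATE = 8000     # Hz; assumed telephone-quality sampling for this model
SUPERVISORY_HZ = 2600  # the in-band control tone named in the comment

def tone(freq_hz, n=400):
    """Constructed sample audio: n samples of a unit-amplitude sine wave."""
    return [math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE) for i in range(n)]

def goertzel_power(samples, freq_hz):
    """Normalised power of a single frequency in a block (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq_hz / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(samples) ** 2

class InBandTrunk:
    """Voice and control share one channel, so any audio source can signal."""
    def __init__(self):
        self.state = "in-call"
    def receive_audio(self, samples):
        if goertzel_power(samples, SUPERVISORY_HZ) > 0.1:
            self.state = "seized-by-tone"  # hypothetical state name
        return self.state

class OutOfBandTrunk:
    """SS7-style model: audio is never parsed; control arrives on its own link."""
    def __init__(self):
        self.state, self.log = "in-call", []
    def receive_audio(self, samples):
        return self.state  # subscriber audio cannot change trunk state
    def receive_signalling(self, origin, message):
        # Trust-based: the origin is recorded but never authenticated.
        self.log.append((origin, message))
        if message == "RELEASE":  # simplified label, not a real ISUP encoding
            self.state = "idle"
        return self.state

def unexpected_origins(trunk, expected_peers):
    """Defender's view: signalling origins that are not agreed interconnect peers."""
    return sorted({o for o, _ in trunk.log if o not in expected_peers})

if __name__ == "__main__":
    ib, oob = InBandTrunk(), OutOfBandTrunk()
    print(ib.receive_audio(tone(440)), ib.receive_audio(tone(2600)))
    print(oob.receive_audio(tone(2600)), oob.receive_signalling("peer-B", "RELEASE"))
    print(unexpected_origins(oob, {"peer-A"}))
```

The out-of-band trunk ignores the tone entirely, yet it acts on a message from any origin on the link; the origin log is the only place a defender can notice a peer that was never expected.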

  • by Opportunist ( 166417 ) on Friday April 29, 2016 @12:15PM (#52013587)

    It's the same problem car makers face now with WiFi hackable cars. You can almost see someone stand there at Bosch when they designed the CAN bus...

    "Security? Are you high? Let's assume some mundane schmuck even HAS the technology at his hands, if he can get to the bus and attach himself to it and know the protocol and all that shit, he's already in the car. Why the fuck add security?"

    And I can almost see the same at AT&T a few years earlier. Just replace car with ... whatever the boxes are called that switch phone stuff.

  • SS7 was an improvement because it was out-of-band. All SS7 interaction came from The Phone Company, because there was only one in each country. There was not Another System (see "Colossus"); there were no other companies sending SS7 messages over insecure links, because there weren't any of either.
