German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.
The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.
Yes. “Flaw”. Totally an accident, nothing to see here.
Again a confirmation of “everything which is technically possible will be done, no matter if we recognize it”. This is of course nothing in relation to intention, it’s just an accidental surprise for everyone…
Also compare: “The second operating system hiding in every mobile phone” from one year ago.
http://www.osnews.com/story/27416/The_second_operating_system_hidin…
Don’t forget that “when [you] really need a confidential conversation, [you’ll] use a fixed-line phone”.
Nixon approves.
Normal cell phone calls are not encrypted. The tech required to intercept calls is setting up a tower that is more powerful than the real towers and telling phones this is a free relay (this is the tech used to make cell-phones work in tunnels for instance).
There is no malice, but there is no encryption either. It doesn’t take a flaw to intercept cell phone calls!
I should also read the article. This is about redirecting calls so it is useful to intercept calls for specific phones remotely. Still requires a way to inject SS7 commands though.
Still encryption would still protect against it, and no one should consider unencrypted phone calls safe from interception.
Not true. At least for the GSM standard there is an (optional) encryption algorithm family called A5.
The algorithm normally in current use is A5/3.
http://en.wikipedia.org/wiki/A5/1
http://en.wikipedia.org/wiki/A5/2
http://en.wikipedia.org/wiki/A5/3
You can see which provider uses which security features here:
http://gsmmap.org/
Edited 2014-12-20 11:49 UTC
Sandlord,
Thank you for posting that information, however just for people who don’t click the links it should be mentioned that they’ve all been broken in one way or another.
This link accuses US operators in particular of doing nothing to retire broken encryption for many years after the attacks were disclosed.
http://security.osmocom.org/trac/wiki/A52_Withdrawal
This is why we can’t have nice things.
So I could listen to phone porn for free?!
Wait, I’m confused. Who even thought mobile communications were even remotely secure to begin with?
Journalists relaying/parroting information and government statements they do not understand? After all, every president has a mobile phone with added security and cryptology; that should have hinted how secure normal phone lines are.
It’s more the scope of it. Imagine you’re a government agency who wants to tap the phone calls of a central Asian ex-Soviet state president (for example). You can either spend a lot of time and effort getting a friendly agent inside the telephone exchange to insert physical taps and then arrange a complex system to get that data back to you and hope no one notices it, or you can sit at a computer in your comfy air-conditioned office and click a few buttons.
This is of course all entirely hypothetical and I’m sure no government agency has ever dreamed of doing such a thing. *cough*
Yeah, the “flaw” is called the NSA.
Anagram for CIA + NSA + FBI?
“If bias can”
It’s telling something.
Who talks on their cellphone?
I think my dad used to do that.
— pretentious kid who only texts.