Why are creepy SS7 cellphone spying flaws still unfixed after years, ask Congresscritters

Two of the most technically literate US politicians want to know why America's Homeland Security is dragging its feet over SS7 security flaws in our mobile phone networks. The Signaling System 7 protocol is used to, among other things, interconnect cellphone networks. It was developed in the 1980s and has virtually no security …

  1. This post has been deleted by its author

    1. Kernel

      Re: Why do we still have the traditional cell infrastructure anyway?

      Yes, and the internet is just a great big cloud that magically transports data from A to B.

      Spend a few years working in the engineering side of the telco industry and then come back and tell those of us who do have that experience how simple it should all be.

      1. Jtom

        Re: Why do we still have the traditional cell infrastructure anyway?

        Yep. I was a voice architect when VOIP was added to data networks. Went round and round with the data architects over packet loss and delay, and requirements for end-to-end quality, particularly across multiple networks. We voice guys lost the battle. That's why cell phones are great for everything - but making a voice call.

    2. HereIAmJH

      Re: Why do we still have the traditional cell infrastructure anyway?

      Many of the radios have already been replaced during the LTE rollout. And it doesn't free up any spectrum because the growth of data means all the spectrum gets refarmed as quickly as possible to support LTE.

      As far as making the cellular networks dumb pipes, there are a number of problems. First is phone companies make money selling services. A dumb pipe doesn't let them sell anything but connectivity, removing a large percentage of their revenue stream. And everyone thinks they should have unlimited data so they can stream videos. The next problem is phone company culture. They know how to provision and sell phone services. They understand switched networks and have carried that model over to IP networks. And finally, governments don't want them to change because they will lose almost all of their ability to do surveillance.

      As a consumer, you might want to consider one of the disadvantages of VOIP, the lack of caller ID. It has always been possible to set your own caller ID info, but in the past it required hardware like a PBX. With VOIP, anyone with some coding experience can appear to be anyone they like. Many less than honest telemarketers are already using it to get past Do Not Call registries, and it is only going to get worse.

    3. Anonymous Coward

      Re: Why do we still have the traditional cell infrastructure anyway?

      No radios need to be replaced, what do you think VoLTE is? The problem is calling phone numbers requires SS7 for figuring out where each other is. Obviously you can get around that, like Apple does for Facetime, but then you lose the guarantees that ensure the connection doesn't lag etc.

      I think the reason SS7 hasn't been replaced is because once most of the critical mass is on some type of VOIP / VoLTE / Vo5G, it can start to be phased out. I don't follow enough to know if there's some sort of "SSng" under development or that already exists to handle packet switched IP telephony which can effectively take over, with SS7 increasingly relegated onto its own insecure island. There's simply no point in fixing it now.

      1. Tom Samplonius

        Re: Why do we still have the traditional cell infrastructure anyway?

        "I think the reason SS7 hasn't been replaced is because once most of the critical mass is on some type of VOIP / VoLTE / Vo5G, it can start to be phased out. I don't follow enough to know if there's some sort of "SSng" under development or that already exists to handle packet switched IP telephony ..."

        Umm... so much misunderstanding. SS7 is used for call setup, routing, LNP and E911 application stuff. It is also used as a query protocol as well. SS7 is an out-of-band protocol. So, it isn't carried on the same lines as those that carry voice. SS7 can handle call setup for any arbitrary "trunk". It doesn't care how calls are transported across the network. Also, SS7 is often carried as IP. SS7 over IP is called SIGTRAN. It's just SS7 packets stuck in IP packets.

        There is a lot more security in SS7 than this article indicates. SS7 is used between competing companies. SS7 gateways are known as signalling transfer points (STPs), and they typically do a lot of screening of requests. Application requests are screened in various ways as well. Basically SS7 firewalls. I worked at a carrier and was involved in using SS7 to set requests to both application providers and other carriers.

        1. Peter Gathercole Silver badge

          Re: Why do we still have the traditional cell infrastructure anyway?

          I do not profess to have your level of experience, but I did receive some training on SS7 when I worked for a telco technology company in the '80s.

          I believe that in data transmission on physical lines, most SS7 hardening is 'armadillo', i.e. boundary protection with not so much once you get into an operator's internal network. SS7 controls call routing through a network, so if you have access to the internal network and can inject false routing information using SS7, it would be possible to re-route calls through routing nodes that you control, and thus potentially eavesdrop on the conversation. It would not surprise me if the TLAs in the US use this mechanism in US telephone operators' networks.

          Of course, back when it was created, the concept of miscreants getting access to the internal network of an operator was considered unlikely, so there was no reason to think about security for SS7.

        2. Roland6 Silver badge

          Re: Why do we still have the traditional cell infrastructure anyway?

          Re: There is a lot more security in SS7 than this article indicates.

          Plus there are third-party security tools such as Mavenir's to augment this security.

          However, it has been known for years that current signalling protocols such as SS7, Diameter and SIP are open to exploitation and prone to attack from hackers. Similarly some of the other behind the scenes Internet service provision protocols and services, such as DNS, have been found wanting.

          So to me this article is really more of a wake-up call that security needs to become far more embedded into the Internet's architecture. Suspect the final solution is probably going to be incompatible with the Internet as used today, so maybe we should start talking about Internet v2...

    4. swschrad

      uh, SS7 connects everything... VoIP, landline, cell, 911...

      the core switching/billing protocol for all voice set-up/teardown/billing control is Signalling System 7. not just cell. if a call connects to anything public, on whatever mode, it hits SS7. the whole voice system worldwide is interconnected by SS7. VoIP has to gateway through it. cell. 911 calls. this is why you don't get a picture of a SS7 server. the security breach is going to be somebody's telco, probably some country like East Freaking Nowhereistan. the voice doesn't touch it, only the setup/teardown/billing. which in itself is data you don't want on the darknet.

  2. Anonymous Coward

    replacing dangerous things

    why don't we start with the less capable politicians?

    1. heyrick Silver badge

      Re: replacing dangerous things

      This presupposes that there are more capable politicians...

      1. dajames

        Re: replacing dangerous things

        "This presupposes that there are more capable politicians..."

        There are ... it's what they're capable of that should concern us.

    2. Mark 85

      Re: replacing dangerous things

      Good question. Maybe because the less capable are very good at getting re-elected. People want pop-answers to tough questions. For the most part, capable politicos are discouraged. Wyden and Lieu are rarities to say the least. The rest may mouth some platitudes about tech, security, and privacy, but these two get it.

      1. David 132 Silver badge

        Re: replacing dangerous things

        I'm proud that Ron Wyden represents my adopted home state of Oregon, and have written to him a couple of times to thank him for his stance on tech issues.

        Unfortunately, as I'm only a resident alien, I can't vote for him (or anyone else) so my support makes bupkis difference one way or another :/

    3. Solarflare

      Re: replacing dangerous things

      "why don't we start with the less capable politicians?"

      Because USA doesn't have any remit to remove the Tory party from office...

  3. Anonymous Coward

    Back in the USSA

    They like to import & embrace ideas that have lots of S's in them.

  4. Version 1.0 Silver badge

    Just checked with the NSA

    That's not a bug, it's a feature. It will be fixed just as soon as they've invented a better "feature"

  5. Nolveys

    "Senator Wyden also took to the floor of the US Senate today to ask why he's still waiting to find out how many Americans have been caught up in the surveillance dragnet being run by the NSA, six years after he first asked for the information."

    You're still waiting because the NSA doesn't answer to congress.

    1. Anonymous Coward

      If Wyden is one of the good guys, why didn't he escalate after NSA failed to answer the first time?

      This is what politicians do. All talk, no action.

      1. Anonymous Coward

        "This is what politicians do. All talk, no action."

        This is what politics is; all talk, and very little action. Sometimes a law or two, but mostly lobbying gifts and golf weekends with the CEOs who want to ask a favor of Godfather Don Governmenti.

        The problem is all politicians are corrupt in some way. It's up to the people at large to figure out the least corrupt ones, elect them, then get them to divorce from the bribery scam commonly referred to as lobbying. This latest US "administration" is the opposite of that. It's not status quo, this is a step backwards in accountability, representation, and common human decency. Furthermore, our news is crammed with the lie that there is a two party system. It sells papers, and makes people pay attention to the source, if only to get mad at it. When you look past the noise, you can see what's going on; corporations have taken over our country. The us vs them fighting is a cute ruse to keep the muggles from noticing they are supporting a plutocracy. It is known.

  6. Anonymous Coward

    This is already actively exploited by Kazakhstani e-banking gangs.

    1. swschrad

      customer data does not hit SS7

      the system only controls call set-up/teardown/billing. no user traffic ever hits SS7. the Kazakhs can't get bank information from it because there is none in it. SS7 spits a bill stream to a telco's other systems to generate billing, it is not resident in SS7. I'm not going further.

      1. Anonymous Coward

        Re: customer data does not hit SS7

        Oh dear.. a little bit of knowledge and you're an expert.

        Stop and think about what a bank might send over a mobile network that could be of interest to an e-banking crime syndicate.

      2. Anonymous Coward

        Re: customer data does not hit SS7

        They can get banking TAN from your SMS. That's the whole point. SMS is not really user data in terms of the network design. It was added as a feature how to make money from the free leftover bytes in system messages.

  7. dm_dv

    Sigh...

    Encryption is there for a reason, the sooner everybody gets and understands its importance, the better, your data would never have been stolen if you'd been using .. Oh wait, I forgot Stux-Net was using .. oh wait, all these Vault 7 leaks they seem to repeatedly touch on the subject of .. oh but wait nobody actually uses .. "Meh!" .. I'm so sick of turning on the news to hear about how they've been implanting people's devices running completely amok with a rich diverse heritage that tries to embrace the security of information bastardizing everything it stood for, these guys wanted a whirl-wind, well now it's time to pay the piper, you hired tons of kids and taught them all to use Linux .. and now you're pissed because guys that use it can see you fucking around with the code-base to what is predominantly completely all about security 100%

    Ad companies are finding it hard trying to enforce advertising on the end users if the end users are 100% focused on security by banishing weak applications and sand-boxing the rest.

    The great war has finally come... Lord Sauron seeks the one Ring!

    As for wire-taps how come they're still using "Research Unix" calling it artificial intelligence?

    Funny thing is the military insisted we should all have the Internet!

    Read-up on its history from the 80's and you soon see the good, the bad and the ugly!

  8. dm_dv

    Metadata - eh Like lvmetad with the LLVM & AES-XTS?

    People are clueless as to what warranted hacking means, that means some guy with the Meta-sploit framework can attempt to hack your PC & Phone. Illegally! - Like some Script-Kiddie!
