Notes on the latest security hole in the mobile network

I had not noticed the story about the security holes in the SS7 standard, which is used by virtually all of the world's telecom companies, and which make it possible to arbitrarily locate mobile phones, eavesdrop on calls and copy SMS messages. Ritzau's story does not contain many details, but it does not take long to find them elsewhere.

In fact the story is old, because as far back as August last year the Washington Post wrote about it in “For sale: Systems that can secretly track where cellphone users go around the globe”. But December's Chaos Computer Club meeting in Germany has given us many more details. For example:

The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone’s “forwarding” function — a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.
— Craig Timberg, “German researchers discover a flaw that could let anyone listen to your cell calls”

Other articles: “Wie Merkels Handy abgehört werden konnte” and “Report: SS7 flaws enable listening to cell phone calls, reading texts”
