Jeg havde ikke opdaget historien om sikkerhedshullerne i SS7 standarden, der bruges af stort set hele verdens teleselskaber, og gør det muligt vilkårligt at lokalisere mobiltelefoner, aflytte samtaler og kopiere SMS beskeder. Ritzau’s historie indeholder ikke mange detaljer men det tager ikke lang tid at finde dem andetsteds.
Faktisk er historien gammel, for helt tilbage i august sidste år skrev Washington Post om det i “For sale: Systems that can secretly track where cellphone users go around the globe“. Men decembers Chaos Computer Club møde i Tyskland har givet os mange flere detaljer. For eksempel:
The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone’s “forwarding” function — a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.
The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.
— Craig Timberg, “German researchers discover a flaw that could let anyone listen to your cell calls“