Notes on the latest security hole in the mobile network

I had not noticed the story about the security holes in the SS7 standard, which is used by virtually all of the world's telecom companies, and which make it possible to locate mobile phones at will, eavesdrop on calls and copy SMS messages. Ritzau’s story does not contain many details, but it does not take long to find them elsewhere.

In fact the story is old: as far back as August last year, the Washington Post wrote about it in “For sale: Systems that can secretly track where cellphone users go around the globe”. But December's Chaos Computer Club meeting in Germany has given us many more details. For example:

The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone’s “forwarding” function — a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.
— Craig Timberg, “German researchers discover a flaw that could let anyone listen to your cell calls”

Other articles: “Wie Merkels Handy abgehört werden konnte” and “Report: SS7 flaws enable listening to cell phone calls, reading texts”
