If you watched the 60 mins program last night it shows how vulnerable every one who owns a mobile phone is,
In brief all telco towers are connected via an ss7 portal which allow one mob com and caller to talk to another,
problem is this portal can be hacked into via an imsi device that acts as a tower, its illegal to own or use these gadgets but the reporter phoned Independent Australian Senator Nick Xenophon to ask if he thought it was possible to tap in and record his ph calls and intercept sms .permission was given and to say he was surprised was an understatement. These imsi units can be bought on the net , the crime syndicates listen in to any call where bank account info is being communicated, they can even use Google maps to know where you are. This is how the police and spy agencies have been able to locate criminals and tap into government agencies and top 500 companies. ACCESS $14,000 per month. all I can say is the cats out of the bag.
Below is the link and part of the story for those who did not see it. worth watching and reading.
http://www.9jumpin.com.au/show/60minutes/stories/2015/august/phone-hacking/
16/08/2015
by Ross Coulthart, reporter, 60 Minutes, @rosscoulthart
A massive security hole in modern telecommunications is exposing billions of mobile phone users in the world to covert theft of their data, bugging of
their voice calls, and geo-tracking of their location from by hackers, fraudsters, rogue governments and unscrupulous commercial operators using
hundreds of online portals across the planet.
In a world-first, 60 Minutes has proven the worst nightmares of privacy advocates around the world: that mobile phone calls and data are wide open
to interception because of flaws in the architecture of the signalling system – known as SS7 - used to enable mobile phone roaming across
telecommunications providers. Despite this concern, the Australian Government’s own Cyber Security Threat Report, published in June, makes
no mention of what is probably the biggest threat to this country’s commercial secrets and individual privacy.
60 Minutes’ story shows how German hackers working from Berlin, given legal access to SS7 for the purposes of the demonstration, were able to intercept
and record a mobile phone conversation between 60 Minutes reporter Ross Coulthart while he was speaking from Germany to
Independent Australian Senator Nick Xenophon in Australia’s Parliament House. As further proof of the hack, Coulthart then made another phone call
from London, England, to the Senator in Australia which the Berlin hackers were also able to intercept and record, even though they were in Germany
1000 kilometres distant.
The Berlin hackers from SR Labs, who first warned of the vulnerability in SS7 in 2008, were also able to intercept and read the Senator’s SMS’ from
Australia to Coulthart in London. The hackers were also then able to geo-track the Senator as he travelled to Japan on official business, mapping
his movements around Tokyo and Narita down to the nearest cell tower (within a few hundred metres), and later precisely tracking around the streets
of his South Australian home suburb when he returned to Australia.
The demonstration also shows how the key fraud protection relied on by banks to protect banking transactions from fraud – verification by SMS message –
is useless against a determined hacker with access to the SS7 portal because they can intercept and use the SMS code before it gets to the bank customer.
The same technique can also be used to take over someone’s online email account. The call-forwarding capacity of SS7 also allows any mobile to be forcibly
redirected to call hugely expensive premium numbers, the cost of which is then billed to that customer’s account. SS7 also allows any number to be blocked, raising the fearful possibility that the vulnerability could be used by criminals or terrorists to stop a victim from calling police or emergency services. Cellular telephony is also used to remotely manage large industrial equipment, to send instructions to gas, electricity and other utililities and factories over 2G and 3G mobile communications. It is not inconceivable that an SS7 hack could be used to change settings or shut down a power station.
The German hacker who did the demonstration, Luca Melette, from SR Labs, told 60 Minutes after the demonstration hack: ‘This is quite shocking for me also
that SS7 is not secure.’ It was another hacker, Tobias Engel, who first warned of the vulnerabilities in SS7 and he demonstrated how it might be done at
a Chaos Computer Club conference in Germany in December last year. [The December 2014 Chaos Communications Congress videos on the security vulnerability
can be viewed here: SS7: Locate. Track. Manipulate., SS7map: Mapping Vulnerability of the International Mobile Roaming Infrastructure, and
Mobile Self-Defense]
When shown the extent of the vulnerability in mobile phone telephony, Senator Xenophon was outraged and called for an immediate full public inquiry:
‘This is actually quite shocking because it affects everyone. It means anyone with a mobile phone can be hacked, can be bugged, can be harassed.
The implications of it are enormous and what we find is shocking is that the security services, the intelligence services, they know about this
vulnerability,’ he told 60 Minutes.
SS7 is the signalling system between phone companies which allows a mobile phone to roam from one country to another. Under international agreements
all telecommunications providers have to provide details of their subscribers automatically via the SS7 system on request from another provider.
An SS7 request on a phone number instantly provides the phone handset’s unique IMEI number, the name and contact details of the phone account subscriber,
whether their phone is allowed to roam internationally, what kind of account they use – post or pre-paid? – and, perhaps most disturbingly of all,
it shows the nearest cell phone tower to which that mobile phone is currently connected. Using this information, a determined hacker with access to
the SS7 system can actually listen in to any mobile phone conversation by forwarding all calls on a particular number to an online recording device and
then re-routing the call on to its intended recipient with the man-in-the-middle attack undetected. It also allows the movements of a mobile phone user
to be geo-tracked on an application like Google Maps.
Historically, only large telecommunications providers were given allowed access to query SS7 for subscriber data but in recent years VOIP (Internet Phone)
providers, smaller phone companies and numerous third-party SMS messaging services are now gaining access. There are also fears that some providers
with SS7 access are illicitly sub-leasing their portal to third parties. The global body representing mobile phone users – the GSMA (Groupe Speciale Mobile
Association ) – lists 800 members from 220 countries with full authority to run mobile phone networks, including access to the SS7 signalling system which
has the gaping security flaw. [Full membership list here:
http://www.gsma.com/membership/who-are-our-gsma-members/full-membership/ ] Those GSMA country
members include mobile phone providers from many poor and unstable war-stricken nations including Iraq, Syria and Afghanistan, countries with ongoing
insurgencies; it raises the fearsome possibility that terrorists or criminals who seize a local phone company with SS7 access could misuse SS7 to cause
havoc or commit crimes across the telecommunications system. 60 Minutes is aware of a recent analysis done by a French Telco which revealed a huge spike
in SS7 queries from Africa and the Middle East which far exceeded the number of phones roaming in those regions; this suggests the SS7
‘Any-Time-Interrogation’ (ATI) queries for subscriber information and location were done for illicit purposes such as espionage or criminal fraud.
‘SS7 attacks are a reality,’ a telecommunications conference was told two weeks ago.
