Submitted via IRC for SoyCow8317
The US Department of Homeland Security recently warned that malicious hackers may have targeted US phone users by exploiting a four-decades-old networking protocol used by cell phone providers around the world, according to a spokesman for US Senator Ron Wyden (D-Ore.). Meanwhile, the spokesman said, one of the nation's major cellular carriers recently experienced a breach of that same protocol that exposed customer data.
[...] In a letter Sen. Wyden received last week, DHS officials warned that "nefarious actors may have exploited" SS7 to "target the communications of American citizens," Wyden spokesman Keith Chu told Ars, confirming an article published Wednesday by The Washington Post. On Tuesday, Wyden sent a letter to Federal Communications Commission Chairman Ajit Pai that heightened concerns of SS7 hacks on US infrastructure.
"This threat is not merely hypothetical—malicious attackers are already exploiting SS7 vulnerabilities," Wyden wrote. "One of the major wireless carriers informed my office that it reported an SS7 breach, in which customer data was accessed, to law enforcement through the government's Customer Proprietary Network Information (CPNI) Reporting Portal."
[...] Sen. Wyden's letter this week to the FCC chairman is a reminder that loopholes that allow all the carriers to share customer location data aren't the only threat facing cellphone users. In responses sent late last year to Wyden's questions about SS7 security, both Verizon and T-Mobile confirmed that they were still in the process of implementing firewalls that would filter malicious requests. AT&T, meanwhile, said it implemented such firewalls but didn't say when.
The senator accused the FCC of failing to adequately answer the threat posed by SS7, noting among other things that a working group the FCC convened in 2016 to address SS7 vulnerabilities was dominated by carrier insiders and comprised no academic experts.
(Score: 0) by Anonymous Coward on Friday June 01 2018, @04:54PM (3 children)
But now that we know for a fact that the DNC is being controlled by the CIA, which was recently frustrated beyond belief when their attempts to meddle in the US election failed and She Lost (such as fucking over Sanders with the mainstream media painting Sanders supporters, among whom were many, many women, as entirely failed men--incels, homosexuals, and rapists, aka "Bernie Bros"), why should we trust it?
But we also know that corporate IT is a bunch of shit, so that may be reason enough to pause before simply proclaiming that Sen. Wyden is attempting to find an inroads for implementing censorship of working class issues and organization on cell carrier networks.
(Score: 4, Informative) by takyon on Friday June 01 2018, @05:03PM
https://www.google.com/search?q=site:soylentnews.org+wyden&cad=h [google.com]
Wyden has consistently been on the correct side of digital liberties issues. Not that it has done much good, since for every Wyden, there is a Dianne Feinstein [fortune.com] and a couple of Republicans.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Friday June 01 2018, @07:31PM (1 child)
Roseanne, is that you?
(Score: 0) by Anonymous Coward on Friday June 01 2018, @07:49PM
Couldn't be. Roseanne would never defend those SJW faggots and leftist pussies. It's just the unending #salty tears from spineless beta cucks triggered by Trump Making America Great Again. Excellent jobs report this morning. Why hasn't @realDonaldTrump tweeted about it here yet?
Trump! Trump! Trump!
(Score: 3, Interesting) by frojack on Friday June 01 2018, @06:07PM (1 child)
Chuckle!!!
I can see LE laughing their asses off, and teasing the hell out of their hacking department for getting caught.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Friday June 01 2018, @08:29PM
I thought laughing was more of a chaotic evil thing.
(Score: 3, Interesting) by nobu_the_bard on Friday June 01 2018, @06:28PM
I followed links around and got to this document, which was interesting; it describes some of the vulnerabilities on SS7:
http://darfe.es/joomla/index.php/descargas/finish/5-seguridad/1354-analysis-of-attacks-vulnerabilities-ss7-sigtran-using-wireshark-and-or-tshark-and-snort-en/0 [darfe.es]
I assume it's machine or amateur translated because there's some odd sentences like this one in the part they explain the organization of the vulnerabilities presented:
(Score: 2, Funny) by Anonymous Coward on Friday June 01 2018, @06:51PM
Pai promptly closed the ticket with a reason of "Not a bug; works as intended."
(Score: 0) by Anonymous Coward on Friday June 01 2018, @07:00PM (2 children)
Never heard of it, nothing in TFA explains it.
(Score: 3, Informative) by aim on Friday June 01 2018, @07:15PM
Read up: Signalling_System_No._7 [wikipedia.org]
(Score: 2) by DannyB on Friday June 01 2018, @08:55PM
I heard of it clear back in the 1980's.
I seem to recall The Day The Phones Quit Working.
This is when they had a failed changeover to SS7. At that time, landline phones (remember those?) were as important as internet and smartphones are today. Something people absolutely depended on having working. It was big news. I'm trying to google for it, and can't find a reference.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by DannyB on Friday June 01 2018, @08:58PM
I have suggested two theories about Stingray in the past. Both theories are about why Stingray is so secret that they actually let criminals go free rather than let Stingray ever be scrutinized in court.
1. It is based on the secret knowledge of a vulnerability in the protocol design.
2. It is based on stolen credentials or crypto keys.
In either case, if the secret got out, anyone could build a Stingray. In the case of (2), the credentials / keys would get replaced ASAP and the daze of Stingray would be over.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 4, Insightful) by requerdanos on Friday June 01 2018, @11:12PM
TCP (of TCP/IP fame) is from 1974 [wikipedia.org], making it about 44 years old, but that doesn't make it a shuddering horror; if you want to use it securely, there are means ranging from PGP to TLS at your disposal.
Yes. And the largest group of nefarious actors that does such a thing to American citizens is called the American government. Focusing on telecommunications protocol is good for general security principles, but they aren't the demon. The NSA is.