RE: Switching System 7 (SS7) Security flaws

You are viewing a single comment's thread from:

Switching System 7 (SS7) Security flaws

in hacking •  8 years ago  (edited)

Thanks for the post - now I remember you were a subject of a roundtable discussion back in my telecoms engineering days :). I'm just wondering if there are easy ways for anyone to just run something they downloaded off the net and exploit the SS7? Or is it something that doesn't have the potential to be that ubiquitous?

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

The "gateway" into SS7 is just an IP and port, with little to no security, but the 4 German telecoms have figured out how to filter accesses from outside the network, and block it. It's like the internet was way back when there were little to no firewalls. Remember how SMTP Outgoing messages would be passed from anyone? Then, along came spammers who forced more filtering. Telcos are doing that now, but when it comes to roaming, and other features the SS7 has to deal with, these are very hard to filter out, but "Snort" or other IDS's can be used, they just have to create the IDS rules to block it, much like the internet is today.

Look into software defined radios. Also google for "stingray"

There are ways to detect the use of StingRays by using a program written by SRLabs in Berlin called "Snoop Snitch", but it works on SOME but not on all Android phones, and works on a certain chip set. Apple, however, will never allow access to the "baseband" (radio part of the phone), like Android does.

So stuff like what we see in Watch Dogs (the game) is possible? lol

I know about SDR, they are used in OpenBTS, an open source system used with Asterisk PBX systems. in 2013 Burning man, someone setup a cell phone tower for people to use SMS messaging, but with no SS7 access, all they can do is send messages.

Yeah I kinda figured you would know about them. :) But the guy I was responding to was looking for a good place to start so I was giving him some search terms.