Researchers discover flaw that could let anyone listen to your cell calls, intercept text messages

MacDailyNews ^ | Friday, December 19, 2014 · 10:26 am

[Swordmaker]

“German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available,” Craig Timberg reports for The Washington Post.

“The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other,” Timberg reports. “Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.”

“The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network,” Timberg reports. “Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.”

[MeshugeMikey]

does the NSA know about this....?

[Swordmaker]

A flaw in the old Cell phone tower protocols from the 1980s can allow interception of your calls and texts. . . Discoverers claim that encryption doesn't matter. I find that difficult to believe. — PING!

Cellular Phone Security Ping!

If you want on or off the Mac Ping List, Freepmail me.

[editor-surveyor]

Law enforcement has been using this for about 30 years.

Employee live cell phone tracking systems also use it.

.

[MeshugeMikey]

thanks the Germans ...appear to be a bit this side of do cutting edge research!

[Paladin2]

What's a "Cell Phone"?

Something from Dick Tracy?

[cripplecreek]

The whole idea of electronic security (cell/ internet) is a fool’s game. The only real security there is is plain old common sense. Its fool proof.

[zeugma]

does the NSA know about this....?

The NSA was instrumental in making sure we wouldn't have any privacy in SS7 signalling.

 

[dayglored]

>> ...record hundreds of encrypted calls and texts at a time for later decryption...

> Discoverers claim that encryption doesn't matter. I find that difficult to believe.

It sounds to me more like they're blithely saying "Oh we'll decrypt that later" without demonstrating, or even explicitly stating, that they have any way to decrypt it.

So the encryption matters, and they're not denying it. They're just saying that in time they hope to be able to decrypt it.

[roadcat]

The only real security there is plain old common sense.

When you can't encrypt, fool 'em:

Kirk: Kirk to Enterprise.

Spock: Spock here.

Kirk: Captain Spock, damage report.

Spock: Admiral, if we go "by the book". like Lieutenant Saavik, hours could seem like days.

Kirk: I read you captain. Let's have it.

Spock: The situation is grave, Admiral. We won't have main power for six "days". Auxiliary power has temporarily failed. Restoration may be possible, in two "days". By the book, Admiral.

[Swordmaker]

So the encryption matters, and they're not denying it. They're just saying that in time they hope to be able to decrypt it.

Well, the carriers are giving THEIR encryption keys to the NSA. . . but not to crooks. Oh, wait, maybe NSA and crooks are one and the same, depending on one's definition. Apple's iMessage encryption is not shared with anyone.

The ability to decode any encryption depends on how complex the key is. . . a sufficiently complex key can take years or eons to unencrypt. If the Carrier's key is simple, and the data is sufficiently repetitive, it would trivial for anyone to decode it. I suspect the level is not too high.

[Swordmaker]

What's a "Cell Phone"?

What arrestees use to make their one and only phone call on?

[MeshugeMikey]

aha long term planning ahead...

[SunkenCiv]

Thanks Swordmaker. Fans of WikiLeaks and Pirate Bay, take note.

[kjam22]

They said North Korea must have done it....

[kjam22]

I’m a big fan of privacy.... but I’m just saying...if they track my cell phone they’re gonna get.... “hey, my car won’t start. I need you. Okay, I’m on my way with jumper cables”. Or.... “Hey, I need you to play guitar in our candlelight service”. “Okay, be glad to”. Or..... “What time are we going to play golf tomorrow? I have a 10 am tee time”.

[Patriot777]

Reminds me of a scene from "Hot Shots - Part Duex": "Recon reports Indians on the warpath in your area. Over." "Ain't no Indians around here. Over." "Do not take literally. Repeat. Do not take literally." "The vultures are circling the carcass. Repeat. The vultures are circling the carcass. Over." "I see a couple of gulls, but I don't..." "The pit bull is out of the cage. The crips are raiding the store." "Hey, you yanking my crank?" /img>

[dayglored]

FWIW, for the past 10+ years, I’ve used PGP/GPG with a 4096-bit key for anything I want to keep away from prying eyes. Nothing less is trustworthy, IMO. I’m 63, and I’ll be dead before they’re able to crack a 4096 bit encryption. Or if I have the good fortune to live long enough to see that threshold crossed, I’ll bump it up another factor of 2 and re-encrypt the stuff I care about.