FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair?
2024-4-6 00:55:43 Author: securityboulevard.com(查看原文) 阅读量:3 收藏

An old-school telephone, the like of which Millenials have never seen. Also: Get off my lawn.The Federal Communications Commission is finally minded to address decades-old vulnerabilities.

Dusty, moldy, prehistoric protocols from the 1980s and ’90s still underpin our phone networks. Full of security holes, they allow scrotes to track our locations—whether mobile or wired (ask your parents). The FCC is asking the industry to do something about it.

We’ve known about the problems since the mid-1990s. In today’s SB Blogwatch, we ask, “Why now?”
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Steamed Hams, but it’s Netflix.

Fast Enough for Government Work

What’s the craic? Suzanne Smalley reports, FCC to probe ‘grave’ weaknesses in phone network infrastructure:

Critical role
The … FCC says it is taking action to address significant weaknesses in telecommunications networks that can enable cybercrime and spying. The agency is investigating how vulnerabilities in the protocols Signaling System No. 7 (SS7) and Diameter … allow breaches, particularly by revealing consumers’ locations to malicious hackers and spies.

The commission’s Public Safety and Homeland Security Bureau is spearheading the effort. The FCC said … SS7 and Diameter play a “critical role” in U.S. telecommunications infrastructure [and] it wants to ensure the protocols’ vulnerabilities can’t allow hackers to “track” consumers’ locations.

Horse’s mouth? Rebecca Clinton and friends from the FCC’s Public Safety and Homeland Security Bureau: Requests Comment on Implementation of Measures to Prevent Location Tracking

Security countermeasures
Over the last several years, numerous reports have called attention to security vulnerabilities present within SS7 networks and suggest that attackers target SS7 to obtain subscribers’ location information. … The Diameter protocol provides the same services as SS7 and as a result presents similar vulnerabilities. [The] protocols are still the foundation for mobile telephone networks, especially for roaming capabilities.

The Bureau finds it is important to more specifically examine the area of location tracking. To that end, the Bureau seeks renewed public comment, including from communications service providers, … on the implementation and effectiveness of security countermeasures … with respect to location tracking.

Wait. Pause. “Over the last several years”? I feel like we’ve been talking about this for decades. Why now? A few weeks ago, Ryan Gallagher wrote, Senator Demands Overhaul of Telecom Security:

Trick the phone network
Foreign governments are abusing security flaws in mobile phone networks to secretly track Americans in the US and journalists and dissidents abroad, Senator Ron Wyden has warned. In a letter sent to President Joe Biden … Wyden [D-OR] is urging the White House to counter the threat by supporting a major overhaul of cybersecurity standards.

At the center of the senator’s concern is an obscure telecom protocol called SS7, [which] is used to route communications between phone networks. SS7 contains known security vulnerabilities that governments and private surveillance companies have exploited. … It can be used to trick the phone network itself into handing over communications or location information from a particular phone. Multiple companies are now providing foreign governments with these “phone company hacking services,” according to Wyden, [who] accuses CISA of “actively hiding information” about the problem.

Why didn’t the standards bodies do something? This Anonymous Coward has a long memory:

Back [in] 1994/95, … I was working on a system to monitor and manage SS7 networks. [We] discovered holes in the SS7 protocol.

The ITU didn’t want to know, so we shut up and mostly went to work in other industries. It was a disaster waiting to happen once PC CPU speeds [improved]. Then the latency of the SS7 network could be exploited by a hacker to inject packets and even shut down a link.

These days it is a lot easier.

Easy? Really, though? What’s the problem? ronsor neatly boils it down:

There are insecure SS7 nodes exposed to the Internet. I’ve seen them before.

Yikes. The FCC had better fix it—and fast. satsuke calls that a “tall order”:

I was an SS7 network engineer for 20 years. The problem will take much [more] than a few federal inquiries, because SS7 was built with almost no security. … In the 1970s, the only organizations that could talk on an SS7 network were other SS7 providers—namely large telcos and some businesses.

Diameter is better … but it’s still largely unencrypted. … There’s functionally no barrier to entry and telcos are obliged to interconnect on a non-preferential basis to prevent the fracturing of the telephone system (e.g., if Verizon decided to not interconnect a competitor’s customers).

Sounds like a tricky problem. Kevin McMurtrie draws comparisons with 5G/NR:

Faster — yes!
mmWave crazy fast — yes!
Edge compute power — OK, sure!
AI, robots, WFH surgeons — why not?
Unicorns — better believe it!
Fix legacy telco security — whoa, let’s be realistic.

Meanwhile, sounding slightly cynical, M0nkge thinks it’s “not needed anymore”:

This same flaw exists in foreign networks. Now that the US Intel agencies have a workaround, they gave the OK to fix it.

And Finally:

No, Mother. It’s Just the Northern Lights

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Mike Meyers (via Unsplash; leveled and cropped)

Recent Articles By Author


文章来源: https://securityboulevard.com/2024/04/fcc-ss7-diameter-richixbw-2/
如有侵权请联系:admin#unsafe.sh