
huge mobile phone security vulnerabilities - biggest breach of privacy ever.

jos
In an investigation into mobile security spanning three continents, has uncovered a security vulnerability that could affect any of us, and there’s nothing being done to stop it.
“What it means is that your smartphone is an open book.
“Criminals now have access to these huge security holes to steal your data and listen in to your calls. We know telephone companies know about it, we know security agencies know about it, but nothing is being done.”
By tapping in to SS7, a signalling system in use by more than 800 telecommunication companies across the world, hackers are able to listen in to conversations, steal information stored on mobile phones, and track the location of the phone’s user.
The system,  has long been in use by spies and has been a secret of perpetrators of international espionage. It’s believed to be the very tactic used by Australian spies in tracking the phone calls of the wife of the Indonesian president. But recently, organised crime, commercial spies and potential terrorists have been exploiting this security loophole for their gain.
“The allegation in our story is the reason this security vulnerability has not been fixed is because it suits the spooks,”  “Until very recently corporate criminals didn’t know about it, but now it’s very clearly being misused by corporate and organised crime.”
Using a cryptophone, which allows the detection of the use of devices known as IMSI-catchers (International Mobile Subscriber Identity) that facilitate mobile eavesdropping, Coulthart said he was alerted to at least 10 devices trying to hack into his calls while in Sydney.
“I detected multiple intercepts, including right outside the Australian Stock Exchange,” he said.
“It’s pretty surreal to be standing outside the stock trading centre, and to be hacked. I hope it was law enforcement, but knowing how criminals use these devices there was a question mark in my mind.”

 

 

I never thought it was so easy.. SS7 is an adaptation of TCP/IP.. I think it can be extended to computers as well

das not good

not good at all

What can we do to prevent this?

OFF TOPIC: I suggest every poll from now on to have "**CK EA" option instead of "Other"


Apparently nothing.. entire infrastructure needs to update.. which will cost billions

Oh well

to all the hackers

PLEASE DONT STEAL MY DIC PIX

I NEED THOSE

also this is my 999th post: i will never post again


Jesus Christ.

Fedex Ground must be on Horse back, It took 7 days to go 200 miles


So is it affecting a specific phone OS such as Android? Or should I be worried about my old Sony Ericsson k750i (which happens to also have vulnerabilities through its ancient version of Java)?

"We also blind small animals with cosmetics.
We do not sell cosmetics. We just blind animals."

 

"Please don't mistake us for Equifax. Those fuckers are evil"

 

This PSA brought to you by Equifacks.
PMSL


So is it affecting a specific phone OS such as Android? Or should I be worried about my old Sony Ericsson k750i (which happens to also have vulnerabilities through its ancient version of Java)?

SS7 is an architecture for performing out-of-band signaling in support of the call-establishment, billing, routing, and information-exchange functions of the public switched telephone network. Hence it is independent of what phone you use.. I think since they are saying mobile phones.. the vulnerability may be in the handshaking process of mobile tower to mobile phone


SS7 is an architecture for performing out-of-band signaling in support of the call-establishment, billing, routing, and information-exchange functions of the public switched telephone network. Hence it is independent of what phone you use..

Well shit. So not even my old Nokia brick would be safe.


what makes you think this could affect computers and why is it unpatchable?

Want a good game to play?  Check out Shadowrun: http://store.steampowered.com/app/300550/ (runs on literally any hardware)

 

another 12 core / 24 thread senpai...     (/. _ .)/     \(. _ .\)


what makes you think this could affect computers and why is it unpatchable?

It is mentioned it is a problem in SS7 ... just look at the 10th post. It is just like saying the IP layer is broken.. then you need to upgrade all systems that use the IP layer, routers, gateways etc.. here mostly all the BTS, if what I understood is correct


It is mentioned it is a problem in SS7 ... just look at the 10th post. It is just like saying the IP layer is broken.. then you need to upgrade all systems that use the IP layer, routers, gateways etc.. here mostly all the BTS, if what I understood is correct

so would encrypting your traffic with a VPN help?

 


Oh I cannot WAIT to see the government try to explain their way out of this.

 

Seriously, gonna have to hire one premier c**k sucker to convince the general population that this was okay to ignore

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


Apparently nothing.. entire infrastructure needs to update.. which will cost billions

 

das not good

not good at all

What can we do to prevent this?

Apparently nothing.. entire infrastructure needs to update.. which will cost billions

Google has billions, Google has Android, Android has mobile phone.
Apple has trillion billions, Apple has iOShit, iOShit has mobile phone.
 
They can either fix it or pay off anyone who wants to exploit it.

I run my browser through NSA ports to make their illegal jobs easier. :P
If it's not broken, take it apart and fix it.
http://pcpartpicker.com/b/fGM8TW


Moving to encrypted two way radio then... Time to bring out the Enigma machine v. 2.0...


That old 10lb sat-phone under my house might be safe.

One of those analogue ones?


One of those analogue ones?

It has switches and dials, I'm sure it's analog and that it probably doesn't work anymore. Found it buried in my yard years ago, now it's somewhere under the house.


Moving to encrypted two way radio then... Time to bring out the Enigma machine v. 2.0...

Might as well just develop a code language with close friends and family. Let them listen to gibberish.


Well, that's what we deserve for using a protocol in use since the late 70s.

 

For those of you wondering, it affects GSM (Mobile Application Part) and CDMA phones, along with general SMS, and possibly POTS landlines as well. SS7 is used throughout GSM, UMTS, and GPRS networks.

 

I would assume that calls placed over VoLTE are unaffected, since those rely on newer VoIP standards, but this is still scary to say the least.

▶ Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning. - Einstein◀

Please remember to mark a thread as solved if your issue has been fixed, it helps others who may stumble across the thread at a later point in time.


If anyone is interested in the full report on 60 Minutes, here's a link: http://www.9jumpin.com.au/show/60minutes/stories/2015/august/phone-hacking/

 

 

I'm not sure if you can watch it outside of Australia, but it's worth a shot.

- CPU: Intel i7 3770 - GPU: MSI R9 390 - RAM: 16GB of DDR3 - SSD: Crucial BX100 - HDD: Seagate Barracuda 1TB -

 


Trust News.com.au to make it sound like the end of the world.
