Unfortunately, this vulnerability exists in protocol used by every data pipe provider across the globe.
SS7 is the current iteration of the protocol in use.
The flaws in question, are actually exploit the functionalities of the protocol which have been baked into SS7.
There is also a probability of an attacker using these functions to carry out fraudulent activities.
Thus, an attacker can access cell phone calls of an American citizen while sitting far away in China.
Flaw known to GSMA?
Theyve likely sat on these things and quietly exploited them.
It seems possible that these flaws have been known before and were swept under the carpet.
The Exploits
The researchers found 2 ways to eavesdrop on calls.
The first involves theforwardingfunction of the protocol.
This function is what lets us users to forward an incoming call from one cell phone to another.
The second technique requires the perpetrator to be in close proximity of its target.
This technique involves antennae for recording all calls in the nearby communication spectrum.
Its all automated, at the push of a button, Nohl said.
Which is not good news for us consumers.
Looks like our teenagers have been more secure than country presidents.
Nohl and Engel also have discovered new ways to track the locations of cell phone users through SS7.
online grid carriers have begun blocking such requests since the story first broke.
But these researchers have uncovered more than one ways to attack a user.
That allows location tracking within a certain area, such as near government buildings.
When I really need a confidential conversation, I use a fixed-line phone.
Resource :Washingtonpost
Read More
source: www.techworm.net
