Monthly Archives: December 2014

SS7 Security On Techmeme? A Reminder About Interconnected Systems…

techmeme-ss7SS7 security issues reported on Techmeme?  I did a double-take yesterday and, as Jay Cuthrell noted on Twitter, wondered if this was a “ThrowbackThursday” taken to the extreme.  But no, there was indeed a report in the Washington Post about German security researchers discovering that aspects of SS7 signaling that could be used to listen to phone conversations and/or read text messages on mobile networks.  As the article notes:

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.

The researchers noted that one of the attackers could get around existing encryption mechanisms used on mobile networks:

For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.

SS7, or Signalling System 7, is of course the dominant set of telephony signaling protocols used in the legacy Public Switched Telephone Network (PSTN) made up of today’s wired and wireless (mobile) telephone networks.  As such, we don’t write about SS7 hardly at all here on the VOIPSA blog as it is not related to VoIP.

However, there were three important thoughts to me coming out of this article:

1. VoIP can be more secure than the PSTN. The report mentions the encryption of the underlying 3G transport infrastructure being subverted.  However, with VoIP apps that are “Over-The-Top” (OTT) riding on the mobile data network, the encryption can happen from within the app on one mobile device all the way to the app on the other mobile device – or at least back to a central set of servers.  Now, there can be other security vulnerabilities with such a system, but the transport layer could at least be secured.

2. Telecommunication systems are only as secure as their weakest link – and are interconnected.  The bigger concern is of course that most of our telecom systems are all interconnected… and you can have the most secure VoIP system in the world, but if you wind up connecting to the PSTN – and specifically in this case to mobile PSTN networks – then you are open to exactly these kind of attacks.  Obviously if you are communicating only within an OTT “walled garden” where you only talk to others using the same OTT app you can be secure, but the moment you go out to the PSTN you are open to all the issues there.

3. Fixed lines are no safer if you talk to mobile users. The article ends with a German senator saying “When I really need a confidential conversation, I use a fixed-line phone“.  I don’t know about that.  For one thing, if the person you are calling is a mobile phone user, you are again open to these kind of attacks.  Secondly the Snowden revelations of the past year have certainly shown us that large agencies have the ability to listen in to communications on the networks of the PSTN.  If I absolutely want a confidential conversation, I’m personally going to use one of the VoIP applications that has end-to-end encryption. I’m NOT going to trust a fixed line any more than I would trust a mobile phone.

And I guess the final thought is of course that the legacy PSTN is full of security issues – they just aren’t necessarily as open to all to see because of the more closed nature of the traditional telephone networks.

A good reminder, though, that telephony security has always been a problem – and we need to ensure that both our VoIP and traditional networks have adequate security.

Meanwhile, it was rather fun to see SS7 mentioned on Techmeme… not something you’d expect to see!

Verizon Launches Voice Cypher Secure VoIP Mobile App… With A Government Backdoor

Verizon Wireless this week did something that initially seemed quite impressive – they launched “Voice Cypher”, an app available for iOS, Android and Blackberry that promises secure end-to-end encryption. It uses VoIP and is an “over-the-top” (OTT) app that works on any carrier.  If you read the marketing material on their web site, it all sounds great!  Indeed their “Learn More” page has all the right buzzwords and security lingo – and says quite clearly: Voice Cypher provides end-to-end encryption between callers, even if the call crosses over multiple networks.” They include the requisite network diagram that shows how it protects against all threats:

Verizon Wireless Voice Cypher

It turns out there’s just one small little detail … as reported by BloombergBusinessweek, the app comes complete with a backdoor so that Verizon could decrypt the phone calls if requested to do so by law enforcement!

As the Businessweek article states:

Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they’re able to prove that there’s a legitimate law enforcement reason for doing so.

Unfortunately, in this post-Snowden era I don’t know that many of us put a great amount of trust in our governments to only access communications with a “legitimate law enforcement reason”.  Or perhaps the concern is that what gets classified as “legitimate” can be widely construed to mean almost anything.

The article does point out that Verizon is bound by CALEA to provide lawful intercept  to the phone networks, but points out an interesting caveat that Verizon could have used:

Phone carriers like Verizon are required by U.S. law to build networks that can be wiretapped. But the legislation known as the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. If Verizon and Cellcrypt had structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law.

A Verizon Wireless representative indicated that they believe government agencies looking for ways to protect sensitive information may be  customers of this service, as may be corporate customers concerned about leaking private information.

But… as we continue to hear more and more information about the massive amount of pervasive monitoring and surveillance by government agencies from many different governments around the world, you do have to wonder how safe those agencies and companies will feel with a “secure” solution that already comes with a backdoor.  The problem with a known backdoor is that even if you may trust Verizon Wireless to only allow legitimate law enforcement access… how do you know that some attacker may not be able to penetrate that backdoor?   The “secure end-to-end encryption” isn’t entirely secure.

Given that the service has a higher price tag of $45 per month per device, I do wonder how many businesses or agencies will actually embrace the service.

On reading about this Voice Cypher service, it certainly sounds quite interesting.  We need more secure voice solutions out there – and it’s very cool that Verizon Wireless is delivering this as an OTT mobile app that will work across different carriers.

It’s just too bad that it’s not truly “secure end-to-end”.  🙁

P.S. I also recorded an audio commentary on this same topic.