SS7 security issues reported on Techmeme? I did a double-take yesterday and, as Jay Cuthrell noted on Twitter, wondered if this was a “ThrowbackThursday” taken to the extreme. But no, there was indeed a report in the Washington Post about German security researchers discovering that aspects of SS7 signaling that could be used to listen to phone conversations and/or read text messages on mobile networks. As the article notes:
The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.
The researchers noted that one of the attackers could get around existing encryption mechanisms used on mobile networks:
For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.
SS7, or Signalling System 7, is of course the dominant set of telephony signaling protocols used in the legacy Public Switched Telephone Network (PSTN) made up of today’s wired and wireless (mobile) telephone networks. As such, we don’t write about SS7 hardly at all here on the VOIPSA blog as it is not related to VoIP.
However, there were three important thoughts to me coming out of this article:
1. VoIP can be more secure than the PSTN. The report mentions the encryption of the underlying 3G transport infrastructure being subverted. However, with VoIP apps that are “Over-The-Top” (OTT) riding on the mobile data network, the encryption can happen from within the app on one mobile device all the way to the app on the other mobile device – or at least back to a central set of servers. Now, there can be other security vulnerabilities with such a system, but the transport layer could at least be secured.
2. Telecommunication systems are only as secure as their weakest link – and are interconnected. The bigger concern is of course that most of our telecom systems are all interconnected… and you can have the most secure VoIP system in the world, but if you wind up connecting to the PSTN – and specifically in this case to mobile PSTN networks – then you are open to exactly these kind of attacks. Obviously if you are communicating only within an OTT “walled garden” where you only talk to others using the same OTT app you can be secure, but the moment you go out to the PSTN you are open to all the issues there.
3. Fixed lines are no safer if you talk to mobile users. The article ends with a German senator saying “When I really need a confidential conversation, I use a fixed-line phone“. I don’t know about that. For one thing, if the person you are calling is a mobile phone user, you are again open to these kind of attacks. Secondly the Snowden revelations of the past year have certainly shown us that large agencies have the ability to listen in to communications on the networks of the PSTN. If I absolutely want a confidential conversation, I’m personally going to use one of the VoIP applications that has end-to-end encryption. I’m NOT going to trust a fixed line any more than I would trust a mobile phone.
And I guess the final thought is of course that the legacy PSTN is full of security issues – they just aren’t necessarily as open to all to see because of the more closed nature of the traditional telephone networks.
A good reminder, though, that telephony security has always been a problem – and we need to ensure that both our VoIP and traditional networks have adequate security.
Meanwhile, it was rather fun to see SS7 mentioned on Techmeme… not something you’d expect to see!