[AusNOG] SS7 hacked on 60 Minutes, an Australian Senators phone tapped from Germany

Mister Pink misterpink at gmail.com
Wed Aug 19 14:42:45 EST 2015 

The first thing that struck me was the claim that any phone can be hacked
from anywhere in the world.  They then went on to demonstrate by
intercepting a call from a Journo in a basement stood next to them using an
IMSI Catcher. To me this says, anywhere in the world, provided that the a
or b party is nearby, and probably in an area with poor mobile signal?

As for the geolocation data, I suspect that this is done with an SS7 hack
that relies on them sending silent SMS messages, this can be done from
anywhere in the world, but that's not quite the same thing as listening in
to calls.



On 18 August 2015 at 22:34, Jason Ross <jason at ethisec.com.au> wrote:

>
> The IMSI Sniffers are pretty much redundant as they rely on GSM (2G)
>  operation, once phone
> Is in 3G or 4G LTE Network it does not work as It is encrypted and the
> IMSI appears to be 2G only
> (The DIY) ones anyway. You can purchase ones for $$$$$$ which work on 3G
> apparently.
>
>
> This is my understanding too.
>
>
> You would need to flood the network with a noise generator to get then
> into 2G mode and I am sure
> That will draw some attention :)
>
>
> You would hope it would but never say never.
>
>
> I have not looked into the SS7 in detail.
>
>
>
> It’s been 10 years since I had anything to do with SS7, way back then this
> was all done over E1 links between carriers. You usually needed a some
> expensive gear to be able to monitor/analyse this traffic. I’m sure there
> are a lot of carriers that are doing this over IP now, which would only
> make it easier.
>
> If you are in a position to be able to sniff SS7 traffic you can see all
> of the signalling or call setup information you need to be able to
> intercept a call going over that network. Also if you have the ability to
> sniff SS7 traffic you probably have the ability to be able to sniff the
> voice channel too.
>
> All very doable.
>
> Jason
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150819/364a0460/attachment.html>

More information about the AusNOG mailing list