[AusNOG] SS7 hacked on 60 Minutes, an Australian Senators phone tapped from Germany

[Jason Ross]

> The IMSI Sniffers are pretty much redundant as they rely on GSM (2G)  operation, once phone
> Is in 3G or 4G LTE Network it does not work as It is encrypted and the IMSI appears to be 2G only
> (The DIY) ones anyway. You can purchase ones for $$$$$$ which work on 3G apparently.

This is my understanding too.
> 
> You would need to flood the network with a noise generator to get then into 2G mode and I am sure
> That will draw some attention :)

You would hope it would but never say never.
> 
> I have not looked into the SS7 in detail.


It’s been 10 years since I had anything to do with SS7, way back then this was all done over E1 links between carriers. You usually needed a some expensive gear to be able to monitor/analyse this traffic. I’m sure there are a lot of carriers that are doing this over IP now, which would only make it easier. 

If you are in a position to be able to sniff SS7 traffic you can see all of the signalling or call setup information you need to be able to intercept a call going over that network. Also if you have the ability to sniff SS7 traffic you probably have the ability to be able to sniff the voice channel too.

All very doable.

Jason



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150818/1edc89eb/attachment.html>