SS7 Attacks
I watched Veritasium's video on hacking Linus. These are some interesting things I found:
- Steve Jobs and Wozniak's first product, the Blue Box, hacked phone lines in the 1970s, showcasing early telecom vulnerabilities. It called the Pope from the US without paying any charges. This worked because of the way control signalling on phone systems worked at the time: the switches relied on sounds from button presses and specific tone frequencies, carried on the same line as the voice, to connect and disconnect calls, so anyone who could play the right tones could control the switch.
- SS7 attacks happen because of insecure signalling infrastructure that is also the backbone for 3G and 2G. Since these networks are still widely used in legacy systems, they cannot be phased out for at least the next 20 years.
- The attack relies on malicious GTs (Global Titles). Telcos rely on roaming agreements between providers to give their users coverage abroad. Attackers exploit this by illegally paying for or leasing GTs from providers and using them to send and rewrite requests on the network. In effect, the attacker only needs the victim's mobile number and nothing else; no click or interaction is required.
- This attack can be used to intercept calls, SMS and anything else carried over these links. Moreover, the user's exact location can be tracked. This was used by the Emiratis to track down the daughter of the ruler of Dubai (who is also the Vice President and the Prime Minister of the UAE) in international waters, near India. https://en.wikipedia.org/wiki/Latifa_bint_Mohammed_Al_Maktoum_(born_1985)
- The NSO Group, the company behind Pegasus, reportedly offered bags of cash to telcos for access to the network.
- Although 5G networks are more secure, they still have to interoperate with 2G and 3G, so the vulnerability still exists. This is one of the most widespread, effective yet affordable vulnerabilities in existence.
- Some improvement has been made since this was revealed in 2014. Telcos have started to block third-party location requests about their customers, and more request blocking is being implemented.
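As an added example (not code from the video or from these notes), here is a minimal screening rule of the kind the last point describes: location-disclosing requests arriving on the international interconnect are accepted only from roaming partners, and only for subscribers those partners are actually serving. The log line format, the GT values, the subscriber table and the sample lines are constructed assumptions; a real SS7 firewall works on decoded SCCP/MAP messages rather than text.

```python
# Added example: screening of inbound location requests on the international
# interconnect. Log format, GTs, subscriber table and sample lines are constructed.
from dataclasses import dataclass

# MAP operations whose response reveals where a subscriber is (or which node serves them).
LOCATION_DISCLOSING_OPS = {
    "anyTimeInterrogation",   # ATI: subscriber location from the HLR
    "provideSubscriberInfo",  # PSI: location/state from the serving VLR
    "sendRoutingInfoForSM",   # SRI-SM: IMSI and serving node, used for SMS delivery
}
# ATI is only ever issued inside the home network, so it is never accepted from abroad.
HOME_ONLY_OPS = {"anyTimeInterrogation"}

# Constructed data: GTs of roaming partners, and which partner currently serves each roamer.
ROAMING_PARTNER_GTS = {"447700900001", "33612345001"}
SERVING_PARTNER_GT = {"15550001111": "447700900001"}  # msisdn -> partner GT serving it

@dataclass
class Verdict:
    allowed: bool
    reason: str

def screen(line: str) -> Verdict:
    """Decide on one constructed log line: 'calling_gt=<gt> op=<op> msisdn=<number>'."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    gt, op, msisdn = fields.get("calling_gt", ""), fields.get("op", ""), fields.get("msisdn", "")
    if op not in LOCATION_DISCLOSING_OPS:
        return Verdict(True, "not location-disclosing")
    if op in HOME_ONLY_OPS:
        return Verdict(False, f"{op} must not arrive from outside the home network")
    if gt not in ROAMING_PARTNER_GTS:
        return Verdict(False, f"{op} from GT {gt} with no roaming agreement")
    # Even a genuine partner should only ask about subscribers it is actually serving.
    if SERVING_PARTNER_GT.get(msisdn) != gt:
        return Verdict(False, f"{op} from partner {gt} for a subscriber it does not serve")
    return Verdict(True, "partner query for its own roamer")

def screen_log(lines):
    """Return the lines the rule would block, each with its reason."""
    return [(line, screen(line).reason) for line in lines if not screen(line).allowed]

SAMPLE_LOG = [  # constructed sample lines
    "calling_gt=447700900001 op=updateLocation msisdn=15550001111",
    "calling_gt=447700900001 op=provideSubscriberInfo msisdn=15550001111",
    "calling_gt=447700900001 op=provideSubscriberInfo msisdn=15550002222",
    "calling_gt=99900001234 op=sendRoutingInfoForSM msisdn=15550001111",
    "calling_gt=33612345001 op=anyTimeInterrogation msisdn=15550001111",
]
```

Running `screen_log(SAMPLE_LOG)` blocks the last three lines and lets the first two through; the point of the third line is that a "plausibility" check catches a leased partner GT asking about a subscriber who is not roaming there.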