A Geek With Guns

Chronicling the depravities of the State.

The Dangers of Insecure Internal Networks

without comments

It’s fairly well known that internally telephone networks operate on an insecure protocol called Signaling System 7 (SS7). How insecure is SS7? It has no mechanism for authentication so anybody able to access a network using SS7 can manipulate it. As you can imagine, gaining access to a global network that has no real authentication mechanism isn’t terribly difficult.

Security researchers have been warning about the dangers of SS7 for ages now but the telecom industry has shown little motivation to transition away from the insecure protocol. Now there is a Tor hidden service that claims to sell the ability to track individual phones using the SS7 protocol:

For years, experts have warned of vulnerabilities in the network that routes phone calls and cellular service — but those attacks may be more widespread than anyone realized. For more than a year, a Tor Hidden Service has been offering ongoing access to telecom’s private SS7 network for as little as $500 a month. Combined with known vulnerabilities, that access could be used to intercept texts, track the location of an individual phone, or cut off cellular service entirely.

Accessible on Tor at zkkc7e5rwvs4bpxm.onion, the “Interconnector” service offers a variety of services charged as monthly fees, including $250 to intercept calls or texts, $500 for full access, or $150 for cellphone reports (including location data and IMSI numbers). Well-heeled users can even pay $5,500 for direct access to the SS7 port, billed as “everything you need to start your own service.”

I checked the hidden service address and it appears that the site either went darker or never had much in the way of public information. Now it only lists an XMPP address to contact. However, while the service may or may not actually provide what it claims, the fact that it technically could offer such services should give people cause for concern.

SS7 is another example of the insecure legacy protocol that operates critical infrastructure. Considering the number of these legacy protocols being used to operate critical infrastructure, it’s a wonder that there aren’t more stores like this one.

Written by Christopher Burg

June 14th, 2017 at 10:00 am