
Telecom Lobbyists Downplayed Security Flaws in Mobile Data Backbone - coldcode
https://motherboard.vice.com/en_us/article/7x9q8y/telecom-lobbyists-downplayed-theoretical-security-flaws-in-mobile-data-backbone
======
Hasknewbie
SS7 (the protocol whose security flaws are being downplayed here) was not
designed with security in mind, and so has been the subject of infosec
research for a few years now.

This is a CCC talk from 2014 (there are older ones) where Tobias Engel
demonstrates among other things tracking down a test subject over two
continents for about a month, via his non-tempered mobile phone, using only
SS7:
[https://www.youtube.com/watch?v=-wu_pO5Z7Pk](https://www.youtube.com/watch?v=-wu_pO5Z7Pk)

In the same talk he mentions that he is working with a German telecom operator
to resolve some of these issues. So as opposed to the US, it appears SS7 has
been hardened in the EU since at least 2014 for the type of attacks mentioned
in the Vice article... I really wonder why the US MNO are unwilling to act on
this, since it's (1) a well known vulnerability and (2) fixes (or at least
mitigations) have been implemented.

~~~
senectus1
yeah old news. makes the whole mobile system a joke.

