

SS7: Locate. Track. Manipulate [video] - moe
http://streaming.media.ccc.de/relive/6249/
Tobias Engel demonstrates (amongst other things):

* How to find out the phone numbers of nearby cellphones

* How to track the location of a cellphone that you only know the phone number of

* How to intercept outgoing calls of nearby cellphones
======
moe
Actual talk starts at 00:16:00 into the video.

Tobias Engel demonstrates (amongst other things):

* How to find out the phone numbers of nearby cellphones

* How to track the location of any cellphone worldwide that you only know the phone number of

* How to intercept outgoing calls of nearby cellphones (to record and/or re-route to a different number)

------
dsl
I've learned more about how to efficiently seat people in an auditorium than I
ever needed to know.

But on a serious note, conference organizers should pay close attention to
how CCC does stuff and replicate it. The pre-talk on screen information is
amazing and useful.

~~~
voltagex_
The streaming set up is world class, they have a freaking _DECT_ setup for
live translation inside the hall and the NOC is second to none. I'm very
jealous of those attending.

~~~
lgeek
They have a GSM network too:
[http://events.ccc.de/congress/2014/wiki/Static:GSM](http://events.ccc.de/congress/2014/wiki/Static:GSM)

------
wirefloss
All TDM and Sigtran signaling links of the world-wide SS7 network are configured
manually peer-to-peer. The signaling traffic including SMS texts travels
mostly unencrypted. Hence it's next to impossible to get a real SS7 Pcap log
(requires an NDA), let alone access to the SS7 network, unless you work with a
network operator.

~~~
moe
_it's next to impossible to get access to the SS7 network_

Tobias claims the opposite in the video. He says you can easily rent access
from a Carrier (e.g. Verizon) or buy a Femtocell[1][2].

Both approaches seem rather affordable ("hundreds of dollars").

[1] [http://en.wikipedia.org/wiki/Femtocell](http://en.wikipedia.org/wiki/Femtocell)

[2] [http://www.thinksmallcell.com/Examples/where-can-i-buy-a-fem...](http://www.thinksmallcell.com/Examples/where-can-i-buy-a-femtocell.html)

~~~
at-fates-hands
Apparently the attack vector is pretty small considering:

[http://www.digitaltrends.com/mobile/femtocell-verizon-hack/](http://www.digitaltrends.com/mobile/femtocell-verizon-hack/)

 _Fortunately for Verizon customers, the company has since issued a patch to
all affected femtocells. Sprint currently offers a femtocell that is similar
to the vulnerable models from Verizon, but the company has said it plans to
discontinue the device. And while AT&T also offers femtocells, it requires an
extra level of authentication that makes much of the iSEC Partner’s findings
irrelevant. Still, says Ritter, the femtocell vulnerability is a major
problem._

And

 _Ritter suggests that all carriers that offer femtocells require owners to
provide a list of approved devices that are allowed to connect to their
femtocell. And also prevent customers’ cell phones from connecting to any
unauthorized femtocell._

~~~
moe
Pretty small?

Verizon was just used as an example here, the same attack vector applies to
every mobile carrier in the world.

~~~
wirefloss
The Verizon vuln referenced above seems to have nothing to do with SS7. Femtocell
is rooted, and only cell phones in close proximity are vulnerable. I thought
the presentation in Hannover deals with a much broader issue. And yes,
femtocell may be potentially a gateway to the remote hacking of MSC, HLR, etc.
Unfortunately I have not seen the presentation, so I can't be sure what it's
about.

------
sounds
Should be easy to transcode using VLC and post on YouTube, anyone not on
Comcast able to do that for the rest of us?

~~~
ingomaro
What's the issue with Comcast (with respect to these videos)?

~~~
rsync
Yes - please elaborate as to how access is different coming from Comcast?

------
Timmmmmm
This is pretty shocking. Shame it is technical enough that it will probably
not become mainstream news.

~~~
dmix
It has already been getting news coverage for the last week or two, including
Washington Post:

[http://www.washingtonpost.com/blogs/the-switch/wp/2014/12/18...](http://www.washingtonpost.com/blogs/the-switch/wp/2014/12/18/german-researchers-discover-a-flaw-that-could-let-anyone-listen-to-your-cell-calls-and-read-your-texts/)

