Vodacom and MTN respond to questions about SS7

Jan

Who's the Boss?
Staff member
Joined
May 24, 2010
Messages
13,687
Reaction score
11,433
Location
The Rabbit Hole
Major cellular network security flaw

Flaws in a signalling protocol used by telephone networks worldwide allow attackers to track mobile devices and intercept calls and SMS messages — all without compromising or infecting the target phone.

The security vulnerabilities are in Signalling System 7 (SS7), a standard developed in the 1970s for traditional telephone networks to manage call set-up, management, and teardown.
 
Vodacom and EMPTY-N just providing politically correct answers as usual.
Telkom Mobile would of course not respond. Their network has been infiltrated and I know this from experience.

This is an old, unpatched vulnerability. Did you know Jan, that during my apprenticeship, back in 1996 I could listen in to any call in South Africa. Bet you didn't know that Telkom had a spy section too. Not men in black, rather men in crappy chinos and grey shirts
 
FS.11 is a voluntary standard guideline, with with no enforcement or certification whatsoever 😁

Strawberry flavoured Kool-Aid.
 
Major cellular network security flaw

Flaws in a signalling protocol used by telephone networks worldwide allow attackers to track mobile devices and intercept calls and SMS messages — all without compromising or infecting the target phone.

The security vulnerabilities are in Signalling System 7 (SS7), a standard developed in the 1970s for traditional telephone networks to manage call set-up, management, and teardown.
"Vodacom said that it has mandatory, minimum-security requirements that are periodically assessed by an independent mobile network security entity."

wahahaha yeah... some of us on here will know who that entity is lol.
 
Vodacom and EMPTY-N just providing politically correct answers as usual.
Telkom Mobile would of course not respond. Their network has been infiltrated and I know this from experience.

This is an old, unpatched vulnerability. Did you know Jan, that during my apprenticeship, back in 1996 I could listen in to any call in South Africa. Bet you didn't know that Telkom had a spy section too. Not men in black, rather men in crappy chinos and grey shirts
So could these ladies.

 
"Vodacom said that it has mandatory, minimum-security requirements that are periodically assessed by an independent mobile network security entity."

wahahaha yeah... some of us on here will know who that entity is lol.
And yet their network has been one that's known for SIM swaps
I also know who that entity is.
 
In the early 2000s, my employer, a WASP, uncovered a thrilling cybercrime plot. A notorious SS7 syndicate had hacked into a brand-new network in West Africa.

Unbelievably, they set up a sneaky premium shortcode and unleashed massive amounts of traffic through it. The audacious scheme would have gone unnoticed if not for a brilliant discovery during a scheduled daily two-hour downtime. Surprisingly, even when the network was supposed to be quiet, activity was still streaming in!

This massive operation involved cunning criminals spanning across Africa, Europe, and North America.
 
Vodacom and EMPTY-N just providing politically correct answers as usual.
Telkom Mobile would of course not respond. Their network has been infiltrated and I know this from experience.

This is an old, unpatched vulnerability. Did you know Jan, that during my apprenticeship, back in 1996 I could listen in to any call in South Africa. Bet you didn't know that Telkom had a spy section too. Not men in black, rather men in crappy chinos and grey shirts
There is also a thing called "Lawful Interception" that all suppliers must comply with. This is so that government can listen in on your call without you knowing.
 
Well this isn't surprising. Public telephone networks were never designed to be secure but to allow spying.
 
There is also a thing called "Lawful Interception" that all suppliers must comply with. This is so that government can listen in on your call without you knowing.
I don't know how that is done nowadays, RICA was long after my time in the game.
As I understand it, its more about the metadata they want, so basically they want the stuff inside the SS7, when it's nicely parsed and matched up with the audio timeslot for voice, and generally with the TCP stuff in another domain. My general impression is that Big Brother expects the telcos to serve it up to them dressed in a frilly dress and lipstick.
 
In the early 2000s, my employer, a WASP, uncovered a thrilling cybercrime plot. A notorious SS7 syndicate had hacked into a brand-new network in West Africa.

Unbelievably, they set up a sneaky premium shortcode and unleashed massive amounts of traffic through it. The audacious scheme would have gone unnoticed if not for a brilliant discovery during a scheduled daily two-hour downtime. Surprisingly, even when the network was supposed to be quiet, activity was still streaming in!

This massive operation involved cunning criminals spanning across Africa, Europe, and North America.
I can believe that. I have similar stories to tell.
In 1998 I was instructed to check what a certain dentist consulting room was doing with their E1 30/32 PCM link.
That meant also capturing the SS7 signaling on that thing on the other end in the EWSD switched network.
Take a stab what that guy was doing?
Offering overseas calls at slightly higher than local rates, which were indeed charged at local rates plus a bit which he pocketed. Of course Telkom had him locked up, but as I recall he skipped the country and was never seen again.
 
Major cellular network security flaw

Flaws in a signalling protocol used by telephone networks worldwide allow attackers to track mobile devices and intercept calls and SMS messages — all without compromising or infecting the target phone.

The security vulnerabilities are in Signalling System 7 (SS7), a standard developed in the 1970s for traditional telephone networks to manage call set-up, management, and teardown.
ouTuber Derek Muller, better known as Veritasium, recently demonstrated an SS7 attack against Linus Sebastian from Linux Tech Tips.

Lol @ Linux Tech Tips.
 
Major cellular network security flaw

Flaws in a signalling protocol used by telephone networks worldwide allow attackers to track mobile devices and intercept calls and SMS messages — all without compromising or infecting the target phone.

The security vulnerabilities are in Signalling System 7 (SS7), a standard developed in the 1970s for traditional telephone networks to manage call set-up, management, and teardown.

Stop liking this guys articles and posts. They are not original, but rehashed from real investigative articles.
 
Strange how very little coding was ever written properly and how many glaring back doors were built into the systems. Back doors only become vulnerabilities once they have been exposed. Little wonder companies couldn't keep their clients data safe even if they tried.
 
Top
Sign up to the MyBroadband newsletter