Tag Archive for T

Scary SS7 Flaw Strikes Banks

Scary SS7 Flaw Strikes BanksLost in last month’s hub-bub over WannaCry ransomware was the revelation that hackers had successfully exploited the SS7 “flaw” in January 2017. In May reports surfaced that hackers were able to remotely pilfer German bank accounts by taking advantage of vulnerabilities in Signaling System 7 (SS7). SS7 is a standard that defines how to public phone system talks to itself to complete a phone call.

Telephone system Signaling System 7 The high-tech heist was initially reported by the German newspaper Süddeutsche Zeitung (auf Deutsch). The attack was  a sophisticated operation that combined targeted phishing emails and SS7 exploits to bypass two-factor authentication (2FA) protection. This is the first publicly known exploit of SS7 to intercept two-factor authentication codes sent by a bank to confirm actions taken by online banking customers.

According to ars technica the attack began with traditional bank-fraud trojans. These trojans infect account holders’ computers and steal the passwords used to log in to bank accounts. From there, attackers could view account balances, but were prevented from making transfers without the one-time password the bank sent as a text message. After stealing the necessary login details via phishing emails, the perpetrators leveraged the SS7 flaw to intercept the associated mTAN (mobile transaction authentication numbers) authentication codes sent to the victims — messages notifying them of account activity — to validate the transactions and remain hidden, investigators say.

Central office equipmentGerman Telecommunications giant O2-Telefonica confirmed details of the SS7-based cyber attacks to the newspaper. Ars says, in the past, attackers have obtained mTANs by obtaining a duplicate SIM card that allows them to take control of the bank customer’s phone number. SS7-facilitated compromises, by contrast, can be done remotely on a much larger quantity of phone numbers.

O2 Telefonica confirmed to Help Net Security that the attackers were able to gain access to the network of a foreign mobile network operator in January 2017. The attackers likely purchased access to the foreign telecommunications provider – this can apparently be done for less than 1,000 euros – and have set up call and SMS forwarding.

Ford Road CO in Dearborn Mi is the Oregon officeTwo-factor authentication (2FA) is a security process in which the user provides two authentication factors to verify they are who they say they are.  2FA provides an extra layer of security and makes it harder for attackers to gain access to a person’s devices and online accounts, because knowing the victim’s password alone is not enough to pass the authentication check. Two-factor authentication has long been used to control access to sensitive systems and data, and online services are increasingly introducing 2FA to prevent their users’ data from being accessed by hackers who have stolen a password database or used phishing campaigns to get users’ passwords.

News of the incident prompted widespread concern online. Security advocates railed against the popular and continuous use of text messages to authenticate account information while growing evidence suggests that SS7 is an unsafe channel to deliver such data. Security experts told ars that the same SS7-centric hacking techniques used against German banks will become increasingly prevalent in the future, forcing organizations to reconsider how they authenticate user activity.

Cris Thomas, a strategist at Tenable Network Security warns in the article:

Two-factor authenticationWhile this is not the end of 2FA, it may be the end of 2FA over SS7, which comprises a majority of 2FA systems … Vulnerabilities in SS7 and other cellular protocols aren’t new. They have been presented at security conferences for years … there are other more secure protocols available now that systems can switch to…

Cyber security researchers began issuing warning about this flaw in late 2014 about dangerous flaws in SS7. I wrote about the SS7 flaw in September of 2016  and in March 2107. Maybe this will be the wake up call for the carriers. One industry insider quipped:

This latest attack serves as a warning to the mobile community about what is at stake if these loopholes aren’t closed … The industry at large needs to go beyond simple measures such as two-factor authentication, to protect mobile users and their data, and invest in more sophisticated mobile security.

man-in-the-middle attackIn 2014 security researchers first  demonstrated that SS7 could be exploited to track and eavesdrop on cell phones. This new attack is essentially a man-in-the-middle attack on cell phone communications. It exploits the lack of authentication in the communication protocols that run on top of SS7.

Developed in 1975, today, over 800 telecommunications companies around the world, including AT&T (T) and Verizon (VZ), use SS7 make sure their networks interoperate. This technology has not kept up with modern times.  In May 2017, Wired published an article which explains some of the ways to secure SS7. Overcoming SS7 insecurity requires implementing a series of firewalls and filters that can stop the attacks. Researchers Wired spoke to suggest that adding encryption to SS7 would shield network traffic from prying eyes and bolster authentication. Both of these changes are unpopular with the carriers, because they cost money and can impact the network core, so don’t expect any network changes to address the SS7 flaw anytime soon.

Carriers should use SS7 firewall to secure the SS7 networkThe Register reports that the FCC’s Communications Security, Reliability and Interoperability Council found that the proposed replacement for SS7 on 5G networks, dubbed the Diameter protocol has security holes too.

In March 2017, Oregon Sen. Ron Wyden and California Rep. Ted Lieu sent a letter to Homeland Security’s John Kelly requesting that DHS investigate and provide information about the impact of SS7 vulnerabilities to U.S. companies and governmental agencies. Kelly has not responded to the letter, according to the Wired article.

Of course the TLA’s would never use this “flaw” in SS7 to spy on us.

The Guardian says that given that the SS7 vulnerabilities reside on systems outside of your control, there is very little you can do to protect yourself beyond not using the services.

PoliticianThey recommend for text messages, avoiding SMS and instead using encrypted messaging services such as Apple’s (AAPL) iMessage, Facebook‘s (FB) WhatsApp or the many others available will allow you to send and receive instant messages without having to go through the SMS network to protect your messages from surveillance.

For calls, the Guardian recommends using a service that carries voice over data rather than through the voice call network. This will help prevent your calls from being snooped on. Messaging services including WhatsApp permit calls. Silent Circle’s end-to-end encrypted Phone service or the open-source Signal app also allow secure voice communications.

protect yourself Your location could be being tracked at any stage when you have your mobile phone on. The only way to avoid it is to turn off your phone or turn off its connection to the mobile phone network and rely on Wi-Fi instead.

Related articles

Ralph Bach has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

AT&T Tries BPL

ATT Tries BPLIt’s alive, It’s alive. BPL has risen from dead. Longtime readers of the Bach Seat, know the history of Broadband over Powerline. I covered it many years ago here, here and here. Imagine my surprise when there were a number of articles popping up all over the interwebs touting AT&T’s (T) try at BPL 10 years after everybody else.

BroadbandComputerWorld described this latest incarnation of BPL from AT&T as a low-cost, high-speed wireless internet technology. This time BPL relies on plastic antennas positioned along medium-voltage power lines and not through the conductive materials inside the power lines. FierceTelecom says that AT&T will attach the plastic antennas to the power lines and serve as a mesh network to distribute signals to homes and businesses. The Project AirGig low-cost plastic antennas and devices will regenerate millimeter wave (mmWave) signals. Millimeter wave technology relies on electromagnetic waves that are longer than x-rays but shorter than radio waves (they are found in the 10 mm to 1 mm range and are also known as extremely high frequency waves according to New Atlas. The EHF waves can be used for 4G LTE and 5G multi-gigabit mobile and fixed deployments.

John Donovan, chief strategy officer and group president of AT&T technology and operations, told FierceTelecom that Project AirGig delivers last-mile access without any new FTTH technology and is flexible enough to be configured with small cells or distributed antenna systems.

Broadband over PowerlineTo test the technology, AT&T is looking for a place somewhere in the next year with a favorable regulatory environment, since the carrier would need to partner with an existing electric utility. John Donovan, chief strategy officer for AT&T said the trial could be in an area where existing broadband is expensive, even in the U.S.

The AirGig project relies on over 100 patents, according to an AT&T statement. There is no direct electrical connection to the power lines, although network components could receive their needed power through inductive wireless electricity from the near by power lines, AT&T Chief Technology Officer Andre Fuetsch explained to Computerworld.

AT&TAT&T said the testing will decide what frequency AirGig will use for commercial deployment, which could occur sometime around 2020, after the carrier rolls out 5G wireless. The frequency AT&T uses will affect the range of the signal and the speed, as well as whether it is over a licensed or unlicensed band. This decision is important if AT&T plans to use BPL as another weapon in its fight with Google Fiber. Earlier versions of BPL were incapable of delivering the Google (GOOG) promised Gigabit of Internet access.

“It’s a transformative technology that delivers low-cost and multigigabit speeds using power lines,” AT&T’s Donovan said, “There’s no need for enhancements for new towers, and it’s over existing infrastructure.”

Google promised gigabit of Internet accessAirGig has already been tested in outdoor locations on campus settings. “We’ve had it up and running 4k video and cameras on campuses for quite some time,” Mr. Donovan said.

Besides using the AirGig technology as an alternative broadband service delivery option, for urban, rural and underserved markets AT&T wants to convince the electrical utility industry to apply AirGig technology to their unique needs. ComputerWorld says utility companies would be able to use the technology to help spot problems on its power lines from something like a downed tree or cracks in the cable sheath.

rb-

New Atlas points out that earlier this year, a millimeter wave technology system set a new world record for wireless data transmission by sending data at 6 Gbps. The technology is also showing up in other applications, including heart-rate monitors, car-safety systems, and luggage scanners.

AirGig  could be profitable for AT&T. If they can make a deal with an electrical company, they can avoid expensive make ready. Which Google Fiber is struggling mightily with. By using power lines, AirGig avoids the cost of digging trenches to lay fiber optic cable.

Still, questions remain about how the this version of BPL will do in the real world.

  • What impact will heavy rain, snow or ice have on the signal?
  • What if a tree branch falls on a power line or the lines are swinging in the wind?
  • Since mmWave transmissions need a direct line-of-sight between antennae, what happens when critters like birds or squirrels decide to perch on the antennae? Will that lead to outage?

The ham radio lobby will likely be up in arms again when they find AT&T still likes the idea of BPL in the 30-300 GHz bands. The ARRL was a key player in killing BPL 1.0.

 

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

T-Mobile Ordered to Turn Over Most Customer Info

T-MT-Mobile Ordered to Turn Over Most Customer Infoobile received the most government requests for subscriber data in 2014 according to a report from CNET. U.S. governments made nearly 351,940 requests for data from T-Mobile (TMUS) in 2014. The author, Roger Cheng states that the 351,940 government requests for data is the most out of any of the four national wireless carriers.

T-Mobile logoThe number 4 U.S. carrier by subscriber base recently released its first transparency report. The article breaks down the government requests for T-Mobile information:

  • 177,549 criminal and civil subpoenas
  • 17,316 warrants
  • 3,000+ wiretap orders
  • Between 2,000 and 2,250 national security requests,
  • 8 requests from foreign governments.

These numbers represent an 11% increase in government demands for subscriber information over last 2013.

The article claims that Verizon and AT&T each have twice as many customers, but T-Mobile fielded more requests than its rivals.

  • Verizon (VZ) with 132 million subscribers in Q4 of 2014, saw 287,559 government requests.
  • AT&T (T), with nearly 121 million subscribers in Q4 of 2014, saw 263,755 government requests,
  • Sprint (S) with 55.5 million subscribers in Q4 of 2014, saw 308,937 government requests.
  • T-Mobile with just over 55 million subscribers in Q4 of 2014, saw 351,940 government requests.

Here is how the four wireless carriers government information requests compare.

CarrierSubscribersSupeanasWarrantsWireTap OrdersTotal Requests
Verizon132 million138,158`31,2141,433351,940
AT&T121 million201,75420,9852,420263,755
Sprint55.5 million308,93713,5403,772308,936
T-Mobile55 million177,43917,3163,087251,940
Totals358.5 million826,28883,05510,7121,176,571

Transparency reports have become increasingly popular over the past year as civil liberties groups, shareholder and consumer advocates have pressured companies to be more open about when they disclose customer information. The article claims T-Mobile was the last of the four national carriers to issue a transparency report, which comes amid continued scrutiny of surveillance programs run by U.S. three letter agencies and friends— including the bulk collection of phone call data — that were revealed when former NSA contractor Edward Snowden leaked classified government documents.

The author notes that companies aren’t under legal obligation to show the data in transparency reports, but have been willing to share with the hope that the reports will help repair their reputations, which have been damaged by the Snowden revelations of the past two years.

rb-

surveillance programs This data only represents data requests where they bothered to follow U.S. laws to legally request data. How much more is there sitting in a data warehouse in the sky?  

Why is the T-Mobile number so high? Is it bad luck? Do they fight the requests the most? Are they playing ball with the TLA’s?  We may never know. VentureBeat speculates that the best way to measure how willing T-Mobile works with the government is by looking at the percentage of government requests to which T-Mobile delivered data. But T-Mobile refused to offer that information to VentureBeat.

“Regarding the additional question on breaking out the numbers further than what’s currently provided in the report, our systems were not designed to track the kind of detailed reporting that other companies engage in today,” a T-Mobile spokesperson wrote to VentureBeat.

Ralph Bach has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

2Gbps Coming To The D

2Gbps Coming To The D Not so long ago, Comcast was leaving Detroit. Now, the embattled cable provider has announced it is ramping up its 2 Gbps fiber-to-the-home (FTTH) campaign in Motown. FierceTelecom reports that Comcast will bring its Gigabit Pro service to about 1.5 million homes in Michigan. The service provider said it will offer Gigabit Pro to residential customers in Detroit, Flint, Grand Rapids, Jackson and Lansing. Tim Collins, senior vice president of Comcast Cable’s Heartland Region, said in a release that the company’s move into Michigan is designed to address “tech-savvy residents who have a need for even faster speeds.”

Similar to other markets where it has announced plans to deliver Gigabit Pro, homes that live in near Comcast’s fiber network will be eligible to get Gigabit Pro service. Customers will have to have a technician install an optical network terminal and related equipment at their home for the service. In addition to the metro-Detroit area, Comcast plans to offer 2 Gbps service in Benton Harbor and St. Joseph (as part of the Greater Chicago region).

Comcast has not yet disclosed what it will charge for the Gigabit Pro offering. The author cites a DSL Reports article, Comcast was planning a $299 per month price tag for the service, which would make it much more expensive than Google’s $70 per month Google Fiber service or AT&T’s (NYSE: T) $120 per month charge for its gigabit services. However, it’s unclear if Comcast will adhere to that pricing when it does launch service.

The article says today, Comcast charges $399.95 a month for its 505 Mbps tier. An Ars Technica report said Comcast’s 2 Gbps service will cost less than that. It also said that all 505 Mbps customers will be upgraded to the new Gigabit Pro service. As the MSO tries to work out pricing, it decided to delay the initial May release of the service to a new, undetermined date.

rb-

Lets be honest, the real hero here is Dan Gilbert and his RocketFiber project. As has been the case where Google Fiber has gone in, the other players suddenly show an interest in that market. I predict a win for RocketFiber, because Mr. Gilbert’s people understand customer service and Comcast hates its customers.

GOP Ordred to Gut FCC Over Net Neutrality

GOP Ordred to Gut FCC Over Net NeutralityThe courts turned down big Telecom’s demands to immediately kill Net Neutrality and some how the Internet still works. In response big Telecom’s House Republican stooges continue their war against consumers and the open Internet. The telecom lackey’s have buried riders in a 156-page budget bill that would stop the FCC from enforcing the Net Neutrally regs until courts decide several challenges to them.

AccordingGOP Ordred to Gut FCC Over Net Neutrality to FierceCable, the GOP’s 2016 Financial Services and General Government Appropriations bill, unveiled recently, contains three riders buried in the budget are rules that

  1. Prevent the FCC from enforcing its net neutrality rules, pending what could be years of litigation
  2. Cut the FCC budget by $73 million
  3. Prohibits the FCC from regulating rates for both wireline and wireless Internet services

Harold Feld, senior VP at Public Knowledge, in a responding statement told FierceCable:

Political bossWorst of all, the Appropriations Committee ban on FCC enforcement that ‘directly or indirectly’ regulates prices would prevent the FCC from performing even the most basic consumer protection action, such as the recent FCC enforcement against wireless carriers requiring them to refund charges for services customers did not order or had discontinued.

Public Knowledge VP Feld concludes:

The Appropriations Committee would rather declare open season to rob American broadband subscribers with overcharges and ripoffs than allow the FCC to do its job.

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.