Tag Archive for CTIA

What is SS7?

Updated 10/25/2018 – The NYT is reporting that China and Russia are spying on Trump via his unsecured iPhone. The NYT says that through intercepted calls, likely related to SS7, the Chinese have pieced together a list of the people with whom Mr. Trump regularly speaks, in hopes of using them to influence the president, the officials said. Among those on the list are Stephen A. Schwarzman, the Blackstone Group CEO, and Steve Wynn, the former Las Vegas casino magnate.

A number of outlets are speculating that the Chinese are using the known SS7 flaw to spy on the president’s iPhone. I have written about the problems with SS7 a number of times since 2016, and now the chickens have come home to roost.

Trump recently bragged that he gave the North Korean dictator his personal cell number. If that is true, he has created a major national security exposure. Karsten Nohl, chief scientist at the firm Security Research Labs, who researches cell network attacks, told Wired, “Absolutely that is a problem.” He says hackers can abuse flaws in Signaling System 7 to listen in on someone’s phone calls, intercept their text messages, and track their location.

If North Korean intelligence isn’t already tracking Trump’s phones through malware, a direct phone number could give them a way in. SS7 attacks can give hackers relatively easy access to calls, texts, and location data. Wired points out that North Korea has proven itself an adversary willing to hack and manipulate systems around the world for financial or intelligence gain; it was responsible both for the 2014 hack of Sony and for 2017’s WannaCry ransomware outbreak. SS7 hacking is likely no exception.

The telecom industry and U.S. government have done very little to plug the SS7 hole. Senator Ron Wyden, a Democrat from Oregon and a senior member of the Senate Select Committee on Intelligence, has been tracking the SS7 issue for several years. He has sent letters to FCC Chairman Ajit Pai asking for answers on SS7 security and details about how many network providers have been breached through SS7. Mr. Wyden wrote, “I’ve spent the past year fighting to reveal what a terrible job the telephone companies and FCC are doing at protecting Americans from being spied on, tracked, or scammed.”

Mr. Wyden said he had been told by a big-name mobile network that malicious attackers are believed to have used SS7 to obtain US customer data. DHS confirmed reports of “nefarious” types leveraging SS7 to spy on American citizens by targeting their calls, text messages, and other information.

So what is SS7?

The Signaling System 7 (SS7) network is fundamental to cellphone operations, but its security design relies entirely on trust. The protocol does not authenticate messages: anyone with access to SS7 can send a routing message, and the network will act on it. Now that operators are opening the SS7 network to third-party access, its vulnerabilities are being exposed and exploited, initially by governments and now by criminals.

Since 1975, over 800 telecommunications companies around the world have used SS7 to ensure their networks interoperate. SearchNetworking.com defines Signaling System 7 (SS7) as an international telecommunications standard that describes how network elements in a public switched telephone network (PSTN) exchange information over a digital signaling network.

SS7 control messages

SS7 control messages carry routing, congestion, and authentication information:

  • Routing – how to send a call to a given number, for example 313-555-1234.
  • Congestion – what to do if the route to a network point is crowded.
  • Authentication – confirms that the caller is a valid subscriber and lets the call setup continue.

SearchNetworking explains that SS7 consists of a set of reserved or dedicated channels known as signaling links. There are three kinds of signaling points:

  • Service Switching Points (SSPs) originate or terminate a call and communicate with SCPs to determine how to route a call or to set up and manage a special feature.
  • Signal Transfer Points (STPs) are packet switches that route traffic on the SS7 network.
  • Service Control Points (SCPs) hold the databases that SSPs query for the information needed to route a call or provide a special feature. SCPs and STPs are usually mated (deployed in pairs) so that service can continue if one network point fails.

SS7 out-of-band signaling (control) information travels on a separate, dedicated 56 or 64 Kbps channel, not within the same channel as the telephone call. Historically, the signaling for a telephone call used the same voice circuit that the call itself traveled on. Using SS7, telephone calls can be set up more efficiently, and special services such as call forwarding and wireless roaming are easier to add and manage. SS7 is used for:

  • Setting up and managing the connection for a call,
  • Tearing down the connection when the call is complete,
  • Billing,
  • Managing features such as:
    • call forwarding,
    • calling party name and number display,
    • three-way calling,
    • toll-free (800 and 888) and toll (900) calls,
    • 911 emergency service calls in the US, and
    • other Intelligent Network (IN) services.
  • Wireless as well as wireline call service, including:
    • mobile telephone subscriber authentication,
    • personal communication service (PCS),
    • roaming, and
    • SMS messages.

Within SS7, SMS messages are sent on the same channels and infrastructure that SS7 uses to control the core of the telephone network.

When an SMS message is sent from an SMS-capable cell phone, the message is handled no differently than a normal call setup: it moves from the cell phone to a base station to a Mobile Switching Center (MSC).

From the mobile switching center, the SMS message moves inside the SS7 network to the Short Message Service Center (SMSC), a standard part of the network. The SMSC queries the Home Location Register (HLR) to find out where the recipient of the message is and whether he or she is switched on to receive a message. If not, the SMSC stores the message until it can be delivered.

Mobile Switching Center (MSC) — The MSC is the equivalent of the local switch inside the mobile network. It provides very similar services to a switch, but uses virtual circuits over radio channels instead of physical voice circuits. One variation on the MSC is the Gateway Mobile Switching Center (GMSC), which routes calls into and out of the network and has no phones locally registered.

Visitor Location Register (VLR) — The VLR is the database attached to an MSC that keeps track of all the phones currently “registered” to it, informing other nodes of status changes, and checking authentication information.

Short Message Service Center (SMSC) — The SMSC is the clearinghouse for SMS messages on an SS7 network and provides store-and-forward services.

Home Location Register (HLR) — The HLR is a core database that keeps track of subscribers. It contains information on the current account status and provides authorization information for billing. When a call or SMS is trying to reach a subscriber, this is the node that is queried to find out where in the network that subscriber actually is.
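To make the SMS path and the node roles above concrete, here is a small Python model of the store-and-forward flow: the originating MSC hands the message to the SMSC, the SMSC asks the HLR where the recipient is, and a message for a switched-off phone is held until the phone registers. This is an added example, not code from this post or from any carrier; the node names, phone numbers and the `run_demo` scenario are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class HLR:
    """Home Location Register: which MSC each subscriber is registered on."""
    location: dict = field(default_factory=dict)   # number -> MSC name
    def register(self, number, msc_name):
        self.location[number] = msc_name            # handset switched on here
    def query(self, number):
        # No caller identity is checked: any node on the signaling network
        # gets an answer, which is the trust-based design the post describes.
        return self.location.get(number)            # None = not reachable

@dataclass
class MSC:
    """Mobile Switching Center plus its attached VLR of registered phones."""
    name: str
    hlr: HLR
    vlr: set = field(default_factory=set)
    delivered: list = field(default_factory=list)   # messages handed to phones
    def attach(self, number):
        self.vlr.add(number)                        # VLR tracks local phones
        self.hlr.register(number, self.name)        # HLR learns the location

@dataclass
class SMSC:
    """Short Message Service Center: the store-and-forward clearinghouse."""
    hlr: HLR
    mscs: dict                                      # MSC name -> MSC
    pending: list = field(default_factory=list)     # stored, undelivered SMS
    def submit(self, sender, recipient, text):
        sms = (sender, recipient, text)             # handed over by origin MSC
        msc_name = self.hlr.query(recipient)        # ask HLR where recipient is
        if msc_name is None:
            self.pending.append(sms)                # recipient off: store it
            return "stored"
        self.mscs[msc_name].delivered.append(sms)   # forward to serving MSC
        return f"delivered via {msc_name}"
    def retry_pending(self):
        """Re-submit stored messages; return how many were delivered."""
        todo, self.pending = self.pending, []       # unreachable ones re-queue
        return sum(self.submit(*sms) != "stored" for sms in todo)

def run_demo():
    """Constructed scenario: Bob is off when Alice texts, then switches on."""
    hlr = HLR()
    msc_a, msc_b = MSC("MSC-A", hlr), MSC("MSC-B", hlr)
    smsc = SMSC(hlr, {"MSC-A": msc_a, "MSC-B": msc_b})
    msc_a.attach("+15551230001")                    # Alice registers on MSC-A
    first = smsc.submit("+15551230001", "+15551230002", "hi")
    msc_b.attach("+15551230002")                    # Bob switches on at MSC-B
    retried = smsc.retry_pending()
    return first, retried, len(msc_b.delivered), len(smsc.pending)
```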

SS7 Architecture

rb-

Mr. Nohl told Motherboard SS7 is, “probably the weakest link in our digital protection chain.” CTIA, the telecom lobbying arm, denies there is a problem with SS7. CTIA told DHS that the SS7 flaws are “perceived shortcomings.” They also said that talking about SS7 attacks is “unhelpful.” CTIA, practicing “security through obscurity,” claimed that talking about the issues may help hackers. 

This is a mess. Contact your senator and representative in D.C. and tell them to support Senator Wyden’s efforts to force the FCC to deal with the SS7 flaws.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Wireless Spends Big Bucks Lobbying Congress

CTIA, the Wireless Association, the wireless industry’s largest trade group, spent $2.4 million in the third quarter of 2010 to lobby federal officials. Bloomberg cites a quarterly disclosure report filed with the U.S. House of Representatives. This marks a new high in CTIA lobbying spending, up from the $2 million it spent in the second quarter and the $1.3 million it spent on lobbying in the third quarter of last year, reports Bloomberg. Bloomberg says the trade association lobbied Washington on:

  • More radio spectrum for wireless Internet services.
  • The FCC’s recently adopted “network neutrality” rules, which prohibit broadband providers from interfering with Internet traffic traveling over their systems.
  • The FCC’s legal framework for regulating broadband.
  • “Bill shock” rules, which would require wireless companies to alert subscribers before they run out of minutes, hit data usage or text messaging caps, or start racking up international roaming charges.

CTIA, which represents wireless carriers like AT&T, Verizon Wireless, Sprint Nextel, and T-Mobile, says the industry now generates annual revenues of $155.8 billion.

rb-

Not only is the wireless industry lobbying group, CTIA, spending millions every year to buy influence over legislation, but the wireless companies themselves are also the leaders in lobbying spending. I wrote about AT&T and Verizon (VZ) both spending over $3 million on lobbying in 2010 here. I wrote about AT&T’s (T) long tradition of spreading its money around to buy influence over legislation here. The rational business use of this money says that these firms get more benefit from lobbying lawmakers than from investing it in their networks, paying a dividend, or putting the money in the bank, but are these the best decisions for the rest of us?

Who do you think the politicians are really looking out for?


Taxman Still Coming

Updated 04-13-2010 – It is being reported that the U.S. House has scheduled the Taxpayer Assistance Act of 2010 for consideration on April 15th. The bill’s major provision would remove cell phones and similar telecommunications devices from listed property, effective for tax years beginning after 2009.

Ways and Means member John Lewis (D-GA) was expected to introduce the bill. It would include several individual taxpayer assistance measures. As offsets to the bill’s cost of $411 million, it would expand the bad-check penalty to electronic payments and increase information return penalties.

By 2013 mobile phones will overtake PCs as the most common Web access device worldwide, according to Gartner forecasts. The IT research firm says the total number of PCs in use will reach 1.78 billion in 2013, while the combined installed base of smartphones and browser-equipped enhanced phones will exceed 1.82 billion units, and these devices will outnumber PCs from then on.

Despite these projections, the U.S. Internal Revenue Service (IRS) continues to treat mobile phones as a luxury. According to an article on Mobile Enterprise, since 1989 IRS tax regulations have identified the cellphone as “listed property.” Listed property is an item obtained for use in a business but designated by the tax code as lending itself easily to personal use.

Tax policy

According to the IRS, “unless the employer has a policy requiring employees to keep records, or the employee does not keep records, the value of the use of the phone will be income to the employee.” The IRS goes on to say, “At a minimum, the employee should keep a record of each call and its business purpose. If calls are itemized on a monthly statement, they should be identified as personal or business and the employee should retain any supporting evidence of the business calls. This information should be submitted to the employer, who must maintain these records to support the exclusion of the phone use from the employee’s wages.”

On the other hand, if the phone is employee-owned there are different tax rules. The IRS says “the listed property requirements do not apply. Any amounts the employer reimburses the employee for business use of the employee’s own phone may be excludable from wages if the employee accounts for the expense under the accountable plan rules.”

In June 2009 the IRS proposed to tax up to one-quarter of an employee’s use of a work cellphone. However, the IRS has since decided to let Congress handle the matter. IRS Commissioner Doug Shulman announced on January 8, 2010, that the IRS is now taking a “wait-and-see” attitude. The policy leaves its current regulations in place until Congress passes new legislation. Shulman said on C-SPAN’s “Newsmakers” program: “We’re quite hopeful Congress is going to act on this. In the meantime, we’re not doing anything special or moving forward with any initiatives. Our hope is that there will be legislation to clean this up.”

Senator John Kerry (D-MA) sponsored the Modernize Our Bookkeeping In the Law for Employees – Mobile Cell Phone Act of 2009 (S. 144/H.R. 690). The bill would remove mobile devices from the listed property rule to exempt them from the tax. The House approved the bill during the last Congress, but it is still in committee in the current session.

CTIA response

The Cellular Telecommunications & Internet Association (CTIA) trade association welcomed the news. In a Jan. 11, 2010, prepared statement CTIA President Steve Largent said, “The existing rule is an anachronism and it can’t be saved simply by giving it a facelift. That’s why we are focused on continuing to secure congressional support for the Mobile Cell Phone Act, which enjoys broad bipartisan support on both sides of the Capitol. It is our hope that Congress act soon to help employers and employees alike by repealing this absurd, outdated rule.” According to CTIA, employees are still required to maintain logs detailing their business use on a mobile device. The IRS expects individuals to record the following items, according to the CTIA:

  1. the amount of such expense or other items,
  2. the time and place of the use of the property,
  3. the business purpose of the expense, and
  4. the business relationship to the taxpayer of the persons using the property.

The results of the stalled legislation have been predictable. The article cites the example of Rocky Mount, VA, which stopped issuing cellphones to employees. Town employees whose job requires 24×7 availability via cell phone are required to buy their own phone. They will be given a flat stipend for using the phone for work purposes. If employees do not keep careful records, despite paying for their own cellphones for business purposes they may not be able to claim the service as a business deduction. The article notes that “For a for-profit business, the designation of an item as ‘listed property’ has implications for depreciation deductions taken by the business and the computation of net income.”

How to comply with existing tax rules

To comply with existing tax rules, Thompson’s Employer’s Guide to Fringe Benefits Rules says employers must satisfy the onerous substantiation requirements. They do this by requiring annotated monthly statements from employees to support deductions and employee income exclusions. Or firms must treat the value of the benefits as wages for Federal employment tax purposes and report this value as wages on Forms W-2.

For practical reasons, Thompson says, some employers opt to reimburse employees for cell phone purchases on an after-tax basis. This negates the employer’s ownership of the phones and the fixed asset tracking that ownership requires. Employers should also reimburse service and usage fees on an after-tax basis unless they collect annotated documentation from employees to substantiate the reimbursements. Employers should either collect all monthly statements from employees or require employees to maintain those records so the firm can respond effectively if the IRS inquires into the claims.

What should a firm do if they provide employees with cellphones?

  1. Assess your existing policies for corporate-issued smartphones, and require employees to keep records of each call and its business purpose.
  2. Regularly audit smartphone records and require employees to reimburse the company for all personal use.
  3. Consider whether an individual-liable model for the cellphone users in your enterprise would work.
  4. Get involved and contact your Senator or Representative and tell them to update the IRS code.
