2 comments

[ 3.2 ms ] story [ 17.8 ms ] thread
SS7 (the protocol whose security flaws are being downplayed here) was not designed with security in mind, and so has been the subject of infosec research for a few years now.

This is a CCC talk from 2014 (there are older ones) where Tobias Engel demonstrates among other things tracking down a test subject over two continents for about a month, via his non-tempered mobile phone, using only SS7: https://www.youtube.com/watch?v=-wu_pO5Z7Pk

In the same talk he mentions that he is working with a German telecom operator to resolve some of these issues. So as opposed to the US, it appears SS7 has been hardened in the EU since at least 2014 for the type of attacks mentioned in the Vice article... I really wonder why the US MNO are unwilling to act on this, since it's (1) a well known vulnerability and (2) fixes (or at least mitigations) have been implemented.

yeah old news. makes the whole mobile system a joke.