SS7: Locate. Track. Manipulate [video] (streaming.media.ccc.de)
Tobias Engel demonstrates (amongst other things):
* How to find out the phone numbers of nearby cellphones
* How to track the location of a cellphone that you only know the phone number of
* How intercept outgoing calls of nearby cellphones
25 comments
[ 2.9 ms ] story [ 88.5 ms ] threadTobias Engel demonstrates (amongst other things):
* How to find out the phone numbers of nearby cellphones
* How to track the location of any cellphone worldwide that you only know the phone number of
* How intercept outgoing calls of nearby cellphones (to record and/or re-route to a different number)
But on a serious note, conference organizers should play close attention to how CCC does stuff and replicate it. The pre-talk on screen information is amazing and useful.
http://www.washingtonpost.com/blogs/the-switch/wp/2014/12/18...
One brave network engineer even came forward to complete that list (2/4 -> 4/4) after the talk of Karsten Nohl.
Tobias claims the opposite in the video. He says you can easily rent access from a Carrier (e.g. Verizon) or buy a Femtocell[1][2].
Both approaches seem rather affordable ("hundreds of dollars").
[1] http://en.wikipedia.org/wiki/Femtocell
[2] http://www.thinksmallcell.com/Examples/where-can-i-buy-a-fem...
http://www.digitaltrends.com/mobile/femtocell-verizon-hack/
Fortunately for Verizon customers, the company has since issued a patch to all affected femtocells. Sprint currently offers a femtocell that is similar to the vulnerable models from Verizon, but the company has said it plans to discontinue the device. And while AT&T also offers femtocells, it requires an extra level of authentication that makes much of the iSEC Partner’s findings irrelevant. Still, says Ritter, the femtocell vulnerability is a major problem.
And
Ritter suggests that all carriers that offer femtocells require owners to provide a list of approved devices that are allowed to connect to their femtocell. And also prevent customers’ cell phones from connecting to any unauthorized femtocell.
Verizon was just used as an example here, the same attack vector applies to every mobile carrier in the world.