HackDig : Dig high-quality web security articles for hacker

SS7 Attack Circumvents WhatsApp and Telegram Encryption

2016-05-10 21:20

Mobile networking experts from security firm Positive Technologies revealed last week a new attack that uses the SS7 mobile telecommunications protocol that allows attackers to impersonate mobile users and receive messages intended for other people.

Their proof-of-concept demonstration relied only on a cheap laptop running Linux and an SDK that enabled them to interact with the SS7 protocol.

SS7 protocol flaws are known since 2014

The Signaling System No. 7 (SS7) protocol is a standard developed in 1975 that allows telco operators to interconnect fixed line and/or mobile telephone networks.

The protocol was never updated to take into account the advancements made in current mobile technologies and remained grossly outdated.

Many security experts have warned about its lack of proper security measures ever since 2014. Infamous are two talks given by researchers at the 31st Chaos Communication Congress in Germany. Positive Technologies was also one of those companies, releasing an in-depth report about the protocol's issues in December 2014.

More recently, the protocol was subjected to public criticism after a CBS researcher with the help of a German security firm, used SS7 weaknesses to track and spy on a US elected official.

New SS7 attack demo shows how to circumvent encrypted apps

Seeing the attention this protocol started to get from the press once again, Positive Technologies has leveraged its previous research and has put out a blog post (in Russian, translated version) in which it details an SS7-based attack on encrypted communications carried out via apps such as WhatsApp and Telegram.

The researchers, using their Linux laptop, spoofed a mobile network node and intercepted the initial phase of a chat between two users of an encrypted app.

Because the encrypted apps they've tested use SMS authentication to identify and authenticate users participating in encrypted conversations, researchers didn't bother to break the app's encryption, but simply impersonated the second person in an encrypted communications channel.

To do this, they used loopholes in the SS7 protocol detailed in their 2014 research paper, which allow an attacker to intercept incoming SMS messages, used by the apps to identify users.

Their demonstration proved that surveillance agencies don't necessarily need to crack encryption to spy on users, and can very well use the existing mobile networking infrastructure to carry out such operations. The attack is not tailored for WhatsApp or Telegram, and can be used for other apps such asr Viber.

UPDATE: An encryption specialist with knowledge of WhatsApp's inner workings has contacted Softpedia and pointed out that the victim of such attacks should "get a notice that their contact's security code changed." Softpedia has reached out to Positive Technologies and inquired if their attack circumvents this protection system. The title has been changed accordingly.

Researchers intercepting Telegram conversations (third phone)
Researchers intercepting Telegram conversations (third phone)


Source: ths.498305-sselesu-noitpyrcne-margelet-dna-ppastahw-sevael-kcatta-7ss/swen/moc.aideptfos.swen

Read:4558 | Comments:0 | Tags:Security

“SS7 Attack Circumvents WhatsApp and Telegram Encryption”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud