"The insecurity of Signaling System 7 (SS7) has been a longstanding issue, allowing governments and surveillance tech makers to exploit its vulnerabilities to geolocate individuals' cell phones. SS7 does not require authentication or encryption, making it susceptible to abuse by rogue operators."
"The newer Diameter protocol was designed to replace SS7 and includes enhanced security features. However, the Citizen Lab report indicates that vulnerabilities still exist, as some cell providers fail to implement these protections, allowing attackers to exploit SS7."
Security researchers uncovered two spying campaigns exploiting vulnerabilities in global telecom infrastructure to track individuals' locations. These campaigns are likely part of a broader trend of surveillance vendors accessing phone networks. The Citizen Lab report details how these vendors operated as 'ghost' companies, masquerading as legitimate cellular providers. The exploitation of known flaws in Signaling System 7 (SS7) and the newer Diameter protocol highlights ongoing security issues, as SS7 lacks authentication and encryption, while Diameter's protections are not always implemented by providers.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]