back to article Hey FCC, when you're not busy screwing our privacy, how about those SS7 cell network security flaws, huh?

US Democrats have written to America's communications watchdog the FCC complaining the mobile industry needs a kick up the backside to fix serious flaws in its networks. Last week the FCC's Communications Security, Reliability and Interoperability Council (CSRIC) published its final report [PDF] into the Signaling System 7 …

  1. Anonymous Coward
    Anonymous Coward

    Everyone's Privacy is for sale but not this... What's that all about?

    Elites from CEO's to Celebs to Politicians can pay AT&T extra to stay clear of ISP slurping, but this type of tracking is still toxic to them....

    1. Jeffrey Nonken

      Re: Everyone's Privacy is for sale but not this... What's that all about?

      These politicians, Wyden in particular, have a track record of being pro-consumer.

  2. CrazyOldCatMan Silver badge

    Handy rule for determining..

    ..if the FCC will take any notice:

    10 If ISP_Cost > 0 then goto Fail

    20 If ISP_Profit_from_Action <= 0 then goto Fail

    30 if ISP_Doesnt_Like_it then goto Fail

    40 Print "We will implement when time is right"

    45 Exit

    50 Proc(Fail)

    60 Print "We believe that the proposal will harm consumer choice and is Bad and Evil"

    65 Delete $Proposal

    70 Exit

  3. fidodogbreath Silver badge

    I can't help but wonder if this is being buried because fixing SS7 would break their Stingray toys.

  4. Kernel

    Alternatively

    "No one else seems to care, sniff politicians

    Maybe the problem is that, unlike politicians, the telcos know enough about the subject to be aware that changing SS7 would need to be done through the ITU, be agreed upon and accepted by member states, be implemented by vendors and that the end result would still need to be backward compatible with what's deployed now.

    There's a whole stack of players involved that really don't give a shit about what the DHS and FCC think, much less US politicians - in fact, there's probably a number of involved parties who would be likely to oppose any proposed changes for no better reason than the US wants them. Being a Muslim or Russian does not disbar a country from ITU membership.

  5. Anonymous Coward
    Anonymous Coward

    Stingray / SS7

    Stingrays are for the air interface and have little to do with SS7. Stingrays usually downgrade security to A5/0 or A5/1. If you have SS7 access, the network you target is not having a SS7 firewall and know what you do, you don't need stingrays. There is the possibility of combined attacks, but that would go off topic.

    Not even going to ITU or 3GPP would work. There was once a try called MAPSec (in 3GPP). The problem is a different one. You need PKI for this (or for NDS/IP security in diameter 4G/5G) and who would be trustworthy enough to host such a GLOBAL PKI with cert revocation, key generation etc... name one country and I name you another country that won't accept it and for good justified reasons.... Not to mention the triviality, who will pay for it? The third operator in an African country in a civil war will not have the money (or expertise for that matter) for getting a cert and setting up IPsec on their interconnect link (telco protocols are not exactly user-friendly). And they are also connected to the IPX network.

    This is not a particular US problem......I'm afraid, telcos will have to need look into things like network security on their core network in defensive terms. In other countries this is already better understood. After all in a connected world, cellular networks are a critical infrastructure....

  6. EnviableOne Silver badge

    SS8 anyone

    seriously is anyone working on it, SS7 is like ancient (in protocol terms)

    1. Anonymous Coward
      Anonymous Coward

      Re: SS8 anyone

      3GPP TS29.272 diameter with NDS/IP security support. Problem is for the usage oft it PKI is needed, globally.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022