© 2019 Aitchison Reid Consulting Pty Ltd, a company incorporated in Australia. Trading as ARC Solutions and Aitchison Reid Consulting. ACN 158 303 774. ABN 56 347 951 609.

 

Disclaimer: The commentary and information on this website is not legal advice, IT, risk, management or general advice. Seek advice on matters of interest arising from the commentary and information on this website. Any reference made on this website to law practice Aitchison Reid Pty Ltd or Aitchison Reid Consulting Pty Ltd does not imply any warranty or any guarantee from Aitchison Reid Pty Ltd or Aitchison Reid Consulting Pty Ltd for the reference made. 

 

 

Terms of Use & Privacy Policy | News & Publications | About Us | Contact

 

.

    • Twitter Clean Grey
    • Facebook Clean Grey
    • LinkedIn Clean Grey

    SS7 & IMSI Catchers in the Hood. Sweet as? Yeah, nah.

     

     

    US 60 Minutes broadcast a story on 17 April 2016 about some folks armed with only a cellphone number being able to listen in on phone calls and track the movements of U.S. congressman Ted Lieu.

     

    The story touched on some phone hack techniques, including IMSI catcher risks (see an example of risk and mitigation at 3 min 50 sec) but spent most time on the issue of SS7 vulnerabilities in cellular networks and what real and present impact these vulnerabilities have on everyone who uses a mobile phone (or other cellular network connected device).

     

    Ted Lieu took exception to these revelations, and on 18 April 2016 he sent a letter to the leadership of the House Oversight Committee to request a full investigation into the significant SS7 vulnerabilities identified in the global mobile network. Questions about SS7 vulnerabilities were also asked by Ted in the open-session Subcommittee on Information Technology hearing on Federal Cybersecurity Detection, Response and Mitigation held on 20 April 2016 (see Ted's questions at 1 hour 26 sec and 1 hour 21 min 14 sec).

     

    All this is good and well, but why should we Australians, New Zealanders, Solomon Islanders, Fijians and other nations in Melanesia and Polynesia care about our American friends discussing SS7 cellular network vulnerabilities in their media and government system? We ought to care because none of our governments mention these vulnerabilities' criticality or national significance in their publicly disclosed cyber security strategies (where those strategies exist). Yet cellular networks underpin the backbone of private and economic activities of individuals and households, small, large and corporate businesses and government activities across our countries. Pretty odd for a national cyber security strategy to miss out the security of widely used, pervasive technology like mobile phones and cellular networks.

     

    In short, the Americans are talking about SS7 impacts and vulnerabilities. Our neighbourhood isn't. Let's change this - ask your government, your cellular carriers and your local media to start the public conversation now.

     

    ARC Solutions is an information security and risk management consultancy. ARC Solutions is also ESD America's authorised reseller of ESD Oversight (SS7 solution), ESD Overwatch (IMSI catcher solution) and ESD/GSMK Cryptophone (encrypted phone solution) in New Zealand, Fiji and Solomon Islands.

     

    Contact ARC Solutions anytime to arrange a private, confidential, encrypted and secure conversation about how we can help you have and use secure mobile telecommunications.
     

    Please reload

    Featured Posts

    Cyber attacks pretending to be payment schedules

    March 28, 2018

    1/6
    Please reload

    Recent Posts
    Please reload

    Archive