Hello all,
I was reading this old(2018) ENISA Report
https://www.enisa.europa.eu/publications/signalling-security-in-telecom-ss7-diameter-5g/@@download/fullReport
Might help in some way but reading it had reminded me of ARP spoofing/poisoning
attacks which even today are still used and work in a lot of networks that I
have been. :)
One year later I had open a case with Salt where I requested a public statement
that they had fixed/mediated the issues discovered up to that time(March 2019)
or at least that aremediation plan was in place.
Someone from Support answered that "The introduction of 5G will only take place
if data security is guaranteed for our customers and we can assume that the
security issue will not lead to a delay in the introduction of 5G."
I was not satisfied ::)) with the answer and requested an escalation
They eventually closed my case in July 2019 with:
"Dear Sir,
Salt follows industry best practices in terms of security for its entire
mobile infrastructures and improves constantly the protection of its mobile
infrastructures and customers. The case you mention is known and has been
addressed accordingly.
"
No public statement nor such other mentions of which fix was exactly addressed.
I don't have anything with any mobile provider. At that time it was just happen
to be Salt. I move from time to time to different other ones.
I think we should have here in Switzerland more or less a same similar to ENISA
organization that should supervise and perform regular audits on mobile
providers. Melani/NCSC would that fit your bill?
I never really had time to further test if any of those vulnerabilities or
newer where actually fixed. Someone should definitely do it. Free for fame or
payed from a government branch is to
https://www.gsma.com/security/gsma-mobile-security-research-acknowledgements/
Regards,
Florin
_______________________________________________
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch
