nice :  
https://www.spiegel.de/netzwelt/netzpolitik/andreas-fink-mobilfunkverband-geht-gegen-schweizer-ss7-dienstleister-vor-a-d012c1dd-afb7-4ead-9571-59653abc17e1?sara_ref=re-xx-cp-sh

about time ;-)

----- On 15 May 2023 at 13:31, Florin Sfetea via swinog swinog@lists.swinog.ch wrote:

> Hello all,
> 
> I was reading this old (2018) ENISA Report [
> https://www.enisa.europa.eu/publications/signalling-security-in-telecom-ss7-diameter-5g/@@download/fullReport
> ]
> Might help in some way, but reading it reminded me of ARP spoofing/poisoning
> attacks, which even today are still used and work in a lot of networks that I
> have been in. :)
> 
> One year later I had opened a case with Salt where I requested a public statement
> that they had fixed/mediated the issues discovered up to that time (March 2019)
> or at least that a remediation plan was in place.
> 
> Someone from Support answered that "The introduction of 5G will only take place
> if data security is guaranteed for our customers and we can assume that the
> security issue will not lead to a delay in the introduction of 5G."
> 
> I was not satisfied ::)) with the answer and requested an escalation.
> 
> They eventually closed my case in July 2019 with:
> 
> " Dear Sir,
> 
> 
> Salt follows industry best practices in terms of security for its entire mobile
> infrastructures and improves constantly the protection of its mobile
> infrastructures and customers. The case you mention is known and has been
> addressed accordingly.
> "
> No public statement nor such other mentions of which fix was exactly addressed.
> 
> I don't have anything with any mobile provider. At that time it just happened
> to be Salt. I move from time to time to different other ones.
> 
> I think we should have here in Switzerland an organization more or less similar
> to ENISA that should supervise and perform regular audits on mobile
> providers. Melani/NCSC would that fit your bill?
> 
> I never really had time to further test if any of those vulnerabilities or newer
> were actually fixed. Someone should definitely do it. Free for fame or paid
> from a government branch is to
> [
> https://www.gsma.com/security/gsma-mobile-security-research-acknowledgements/
> ]
> 
> 
> Regards,
> Florin
> 
> _______________________________________________
> swinog mailing list -- swinog@lists.swinog.ch
> To unsubscribe send an email to swinog-le...@lists.swinog.ch