You could do it by saying "hey, this handset is roaming on me" then
directing the call back to the handset in question, I figure. It would
be inbound only intercept, but i could see that working.
-Paul
On 04/21/2016 02:12 PM, Matthew Yaklin wrote:
The part I was curious about and perhaps someone can clarify who has
more knowledge than I is...
It appears in order to record calls the attacker has to be in very
close proximity to the target. Like radio/tower range.
You cannot record a conversation half way across the world.
Matt
------------------------------------------------------------------------
*From:* VoiceOps <voiceops-boun...@voiceops.org> on behalf of Matthew
Yaklin <myak...@firstlight.net>
*Sent:* Thursday, April 21, 2016 2:09 PM
*To:* Kidd Filby; Chris Aloi
*Cc:* voiceops@voiceops.org
*Subject:* Re: [VoiceOps] SS7
Here is a paper that may shed some light on the discussion for the
curious.
https://www.sans.org/reading-room/whitepapers/critical/fall-ss7--critical-security-controls-help-36225
SANS Institute InfoSec Reading Room
<https://www.sans.org/reading-room/whitepapers/critical/fall-ss7--critical-security-controls-help-36225>
www.sans.org
The Fall of SS7 Ð How Can the Critical Security Controls Help? 4 "
#$$#%!&'()#*+!"#$$#%,-')#*./-#01,2'-! area notices this registration
and transfers to a Visitor ...
------------------------------------------------------------------------
*From:* Kidd Filby <kiddfi...@gmail.com>
*Sent:* Thursday, April 21, 2016 2:01 PM
*To:* Chris Aloi
*Cc:* Matthew Yaklin; voiceops@voiceops.org
*Subject:* Re: [VoiceOps] SS7
In a strictly TDM world, or conversation... having access to the SS7
network gets you nothing but what and where the call traversed. NO
audio is carried and without End Office controlling software for call
routing, just dropping it into some IP connection is not going to
afford you anything other than what you already have. You still need
access to the audio carrying infrastructure of the network to get the
audio.
I cannot comment on CALEA
Kidd
On Thu, Apr 21, 2016 at 10:56 AM, Chris Aloi <cta...@gmail.com
<mailto:cta...@gmail.com>> wrote:
It looked like they had access to SS7 links (likely A links
terminated to a physical server) and were using FreeSWITCH to
somehow fork the media from the call and record it. Just a guess
based on the quick console recording.
Correct, SS7 doesn't carry the actual voice it handles the
signaling to bring up the voice channels (by identifying be point
code and CICs) and various other signaling bits. Not sure if
there are provisions for CALEA in SS7 that could fork a media
stream or exactly how that would work.
So I guess the barrier to entry would be access to the SS7
network, not as easy as hopping on the Internet, but certainly not
much of a challenge.
---
Christopher Aloi
Sent from my iPhone
On Apr 21, 2016, at 11:52 AM, Kidd Filby <kiddfi...@gmail.com
<mailto:kiddfi...@gmail.com>> wrote:
There is no VOICE traversing the SS7 network, so you cannot
possibly record a conversation by having access to the SS7
network only.
On Thu, Apr 21, 2016 at 9:36 AM, Matthew Yaklin
<myak...@firstlight.net <mailto:myak...@firstlight.net>> wrote:
In other words the hacker has to have working SS7 trunks or
access to someone who does? That is how I understood it.
Not exactly a remote hack from mom's basement sort of thing.
Matt
________________________________________
From: VoiceOps <voiceops-boun...@voiceops.org
<mailto:voiceops-boun...@voiceops.org>> on behalf of Peter
Rad. <pe...@4isps.com <mailto:pe...@4isps.com>>
Sent: Thursday, April 21, 2016 11:25 AM
To: voiceops@voiceops.org <mailto:voiceops@voiceops.org>
Subject: [VoiceOps] SS7
FYI...
U.S. carriers mum on 60 Minutes report on vulnerability in
SS7 -
http://www.fiercewireless.com/story/us-carriers-mum-60-minutes-report-vulnerability-ss7/2016-04-19
Regards,
Peter Radizeski
RAD-INFO, Inc.
813.963.5884 <tel:813.963.5884>
http://rad-info.net
* Need bandwidth or colocation? call me
_______________________________________________
VoiceOps mailing list
VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org>
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org>
https://puck.nether.net/mailman/listinfo/voiceops
--
Kidd Filby
661.557.5640 <tel:661.557.5640> (C)
http://www.linkedin.com/in/kiddfilby
_______________________________________________
VoiceOps mailing list
VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org>
https://puck.nether.net/mailman/listinfo/voiceops
--
Kidd Filby
661.557.5640 (C)
http://www.linkedin.com/in/kiddfilby
_______________________________________________
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops