Re: [VoiceOps] SS7

Paul Timmins Thu, 21 Apr 2016 11:14:11 -0700

You could do it by saying "hey, this handset is roaming on me" thendirecting the call back to the handset in question, I figure. It wouldbe inbound only intercept, but i could see that working.


-Paul


On 04/21/2016 02:12 PM, Matthew Yaklin wrote:

The part I was curious about and perhaps someone can clarify who hasmore knowledge than I is...

It appears in order to record calls the attacker has to be in veryclose proximity to the target. Like radio/tower range.


You cannot record a conversation half way across the world.


Matt



------------------------------------------------------------------------

*From:* VoiceOps <voiceops-boun...@voiceops.org> on behalf of MatthewYaklin <myak...@firstlight.net>

*Sent:* Thursday, April 21, 2016 2:09 PM
*To:* Kidd Filby; Chris Aloi
*Cc:* voiceops@voiceops.org
*Subject:* Re: [VoiceOps] SS7

Here is a paper that may shed some light on the discussion for thecurious.



https://www.sans.org/reading-room/whitepapers/critical/fall-ss7--critical-security-controls-help-36225

SANS Institute InfoSec Reading Room<https://www.sans.org/reading-room/whitepapers/critical/fall-ss7--critical-security-controls-help-36225>

www.sans.org

The Fall of SS7 Ð How Can the Critical Security Controls Help? 4 "#$$#%!&'()#*+!"#$$#%,-')#*./-#01,2'-! area notices this registrationand transfers to a Visitor ...






------------------------------------------------------------------------
*From:* Kidd Filby <kiddfi...@gmail.com>
*Sent:* Thursday, April 21, 2016 2:01 PM
*To:* Chris Aloi
*Cc:* Matthew Yaklin; voiceops@voiceops.org
*Subject:* Re: [VoiceOps] SS7

In a strictly TDM world, or conversation... having access to the SS7network gets you nothing but what and where the call traversed. NOaudio is carried and without End Office controlling software for callrouting, just dropping it into some IP connection is not going toafford you anything other than what you already have. You still needaccess to the audio carrying infrastructure of the network to get theaudio.


I cannot comment on CALEA

Kidd

On Thu, Apr 21, 2016 at 10:56 AM, Chris Aloi <cta...@gmail.com<mailto:cta...@gmail.com>> wrote:


    It looked like they had access to SS7 links (likely A links
    terminated to a physical server) and were using FreeSWITCH to
    somehow fork the media from the call and record it.  Just a guess
    based on  the quick console recording.

    Correct, SS7 doesn't carry the actual voice it handles the
    signaling to bring up the voice channels (by identifying be point
    code and CICs) and various other signaling bits.  Not sure if
    there are provisions for CALEA in SS7 that could fork a media
    stream or exactly how that would work.

    So I guess the barrier to entry would be access to the SS7
    network, not as easy as hopping on the Internet, but certainly not
    much of a challenge.

    ---
    Christopher Aloi
    Sent from my iPhone

    On Apr 21, 2016, at 11:52 AM, Kidd Filby <kiddfi...@gmail.com
    <mailto:kiddfi...@gmail.com>> wrote:

    There is no VOICE traversing the SS7 network, so you cannot
    possibly record a conversation by having access to the SS7
    network only.

    On Thu, Apr 21, 2016 at 9:36 AM, Matthew Yaklin
    <myak...@firstlight.net <mailto:myak...@firstlight.net>> wrote:


        In other words the hacker has to have working SS7 trunks or
        access to someone who does? That is how I understood it.

        Not exactly a remote hack from mom's basement sort of thing.

        Matt

        ________________________________________
        From: VoiceOps <voiceops-boun...@voiceops.org
        <mailto:voiceops-boun...@voiceops.org>> on behalf of Peter
        Rad. <pe...@4isps.com <mailto:pe...@4isps.com>>
        Sent: Thursday, April 21, 2016 11:25 AM
        To: voiceops@voiceops.org <mailto:voiceops@voiceops.org>
        Subject: [VoiceOps] SS7

        FYI...

          U.S. carriers mum on 60 Minutes report on vulnerability in
        SS7 -
        
http://www.fiercewireless.com/story/us-carriers-mum-60-minutes-report-vulnerability-ss7/2016-04-19

        Regards,

        Peter Radizeski
        RAD-INFO, Inc.
        813.963.5884 <tel:813.963.5884>
        http://rad-info.net
        * Need bandwidth or colocation? call me
        _______________________________________________
        VoiceOps mailing list
        VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org>
        https://puck.nether.net/mailman/listinfo/voiceops
        _______________________________________________
        VoiceOps mailing list
        VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org>
        https://puck.nether.net/mailman/listinfo/voiceops

--Kidd Filby

    661.557.5640 <tel:661.557.5640> (C)
    http://www.linkedin.com/in/kiddfilby
    _______________________________________________
    VoiceOps mailing list
    VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org>
    https://puck.nether.net/mailman/listinfo/voiceops





--
Kidd Filby
661.557.5640 (C)
http://www.linkedin.com/in/kiddfilby


_______________________________________________
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

_______________________________________________
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] SS7

Reply via email to