Despite the billions being invested in 3G technology by the cellular carriers in an attempt to upgrade security in the network, it is similar to spending buckets of money to secure your front door and then leaving the back door and windows open and unlocked.
As reported today by the Washington Post, German researchers Engel, founder of Sternraute, and Karsten Nohl, chief scientist for Security Research Labs have independently uncovered these flaws and plan to report on them at a hacker conference later this month.
Most vulnerabilities reported in the past have been discovered to long be abused by governments. This is likely no exception. To quote from the article ““Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation,” said Christopher Soghoian, principal technologist for the ACLU and an expert on surveillance technology. “They’ve likely sat on these things and quietly exploited them.””
So once again, we must take all of these types of issues into account when performing security audits for our clients. Very little electronic is truly secure, and this has always been our position. We work to provide a path to the always delicate balance between too little security and too much.