http://img.photobucket.com/albums/v704/chanpicco/chanpicco071/SS7-ASN1-Flaw_zpslcpchclx.jpg
Preface
People might question Leonardo da Vinci, were he still alive: why did he choose this woman to become the Mona Lisa? Nobody can explain it on his behalf, but we strongly believe that this is the original design.
Linux is everywhere today: on workstations, servers, mobile devices and IoT devices. At the same time, the culture of the modern world relies on electronic communication systems. Network communication protocols, especially the TCP/IP protocol suite and Signalling System 7, are therefore major elements of today's world.
Recall of historical data on the specific elements (quick & dirty)
1. ASN.1
Originally defined in 1984 as part of CCITT X.409:1984
Design objectives:
i. Overcome the differences in how computer systems transmit data
ii. Model the parameters exchanged between application entities
2. Signalling System 7
Developed in 1975
Design objectives:
i. SS7 controls telephone calls, both wired and wireless, using a control signal that is carried separately from the actual voice circuit.
ii. It allows phone networks to exchange the information needed to pass calls and text messages between each other.
3. TCP/IP version 4
The first version of this predecessor of modern TCP was written in 1973
Design objectives:
i. A set of general design guidelines and implementations of specific networking protocols that enable computers to communicate over networks.
ii. TCP/IP provides end-to-end connectivity, specifying how data should be formatted, addressed, transmitted, routed and received at the destination.
Flaws found as of today
TCP/IP version 4 (CVE-2016-5696)
The difficult part for an attacker taking over a TCP connection is guessing the client's source port and the current sequence number. A group of researchers found that an attacker can open a connection to the server and send, from the attacker's own address, a large number of RST packets with wrong sequence numbers, mixed with a few spoofed packets, and then count how many challenge ACK packets come back to the attacker's side. Because challenge ACKs are rate-limited, knowing the limit lets the attacker infer how many of the spoofed packets resulted in a challenge ACK being sent to the spoofed client, and thus how many of the guesses were correct. This quickly narrows down which port and sequence values are correct.
http://img.photobucket.com/albums/v704/chanpicco/chanpicco071/ninja-anima-ver2_zpsoonzpftm.gif
Interim solution applicable to a Linux environment
Append the following to /etc/sysctl.conf:
net.ipv4.tcp_challenge_ack_limit = 999999999
Use "sysctl -p" to activate the setting
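The two steps above (append the line, reload with sysctl -p) are easy to get wrong across a fleet, and it is worth being able to audit whether a host actually carries the setting before assuming it is protected. The script below is an added example, not part of the original post: it reads the live value from /proc, judges it against the value the post recommends, and can write the line into /etc/sysctl.conf and reload it. It assumes a Linux host with /proc/sys and the sysctl(8) tool; the function names and the use of 999999999 as the hardened threshold are this example's own choices.

```shell
#!/bin/sh
# Added example (not code from the original post): audit and apply the
# challenge-ACK rate-limit workaround for CVE-2016-5696.
# Assumption: Linux with /proc/sys and sysctl(8); 999999999 is the value
# the post recommends, used here as the "hardened" threshold.

RECOMMENDED_LIMIT=999999999
SYSCTL_KEY="net.ipv4.tcp_challenge_ack_limit"
PROC_PATH="/proc/sys/net/ipv4/tcp_challenge_ack_limit"

# Return 0 when the supplied limit is at or above the recommended value.
# A small, fixed per-second limit is what gives an off-path attacker a
# countable signal; a non-numeric or empty value is treated as weak/unknown.
limit_is_hardened() {
    value="$1"
    case "$value" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$value" -ge "$RECOMMENDED_LIMIT" ]
}

# Print the live kernel value, or "unavailable" when /proc does not expose it
# (non-Linux host, or a kernel without this tunable).
current_limit() {
    if [ -r "$PROC_PATH" ]; then
        cat "$PROC_PATH"
    else
        echo unavailable
    fi
}

# Audit only: print a verdict and return 0 when the host is hardened.
audit_challenge_ack_limit() {
    cur=$(current_limit)
    if limit_is_hardened "$cur"; then
        echo "OK: $SYSCTL_KEY=$cur"
        return 0
    fi
    echo "WEAK: $SYSCTL_KEY=$cur (recommended $RECOMMENDED_LIMIT)"
    return 1
}

# The exact line the post tells you to append, for review or config management.
render_sysctl_line() {
    printf '%s = %s\n' "$SYSCTL_KEY" "$RECOMMENDED_LIMIT"
}

# Apply: append the line to the sysctl config (default /etc/sysctl.conf) if it
# is not already there, then reload it. Needs root; mirrors the post's two steps.
apply_challenge_ack_limit() {
    conf="${1:-/etc/sysctl.conf}"
    if ! grep -q "^${SYSCTL_KEY}" "$conf" 2>/dev/null; then
        render_sysctl_line >> "$conf"
    fi
    sysctl -p "$conf"
}

# Typical use:
#   . ./challenge_ack.sh && audit_challenge_ack_limit
#   sudo sh -c '. ./challenge_ack.sh && apply_challenge_ack_limit'
```

Run the audit function from a configuration-management check or a cron job so a host that was re-imaged without the sysctl line shows up as WEAK rather than silently reverting to the kernel default. Kernels that carry the upstream fix randomize the per-second limit instead, so this sysctl is a stopgap for hosts that cannot be patched rather than a permanent setting.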
Flaw found in an ASN.1 compiler
For more details, please see below:
https://www.linkedin.com/pulse/flaw-found-communications-industry-yet-determined-1-picco
Interim solution: unavailable
Current status: the extent of the vulnerability has yet to be determined. To IT folks this vulnerability looks critical, and it is hard to imagine its full impact at this moment. We keep our eyes open to see whether a remediation will be announced by the telecommunication providers.
SS7 Vulnerability
A proof of concept showed that an attacker could use the telephone network to access the voice data of a mobile phone, find its location and collect other information. Attackers are able to manipulate USSD commands to spoof financial transactions such as the authorization of purchases or the transfer of funds between accounts.
The hacks exploit the SS7 vulnerability by tricking the telecom network into believing the attacker's phone has the same number as the victim's phone. We know that hackers can hijack WhatsApp and Telegram via SS7. The vulnerability was found in 2008.
Interim solution
Mobile phone network service providers have employed security experts to analyse the SS7 systems in use and try to prevent unauthorised access.
For additional details, please refer to:
SS7 hack explained: what can you do about it?
http://img.photobucket.com/albums/v704/chanpicco/chanpicco071/OSI-vs-SS7_zpsk76izco4.gif
How to protect your IT premises with regard to the above flaws?
For the weakness of the TCP/IP protocol, IP version 6 is able to resolve the design limitation around sequence numbers. In the long run it is recommended that IT teams get rid of IP version 4; however, the truth is that v4 and v6 run in mixed mode in today's IT world.
The biggest headaches are the ASN.1 compiler flaw and the Signalling System 7 vulnerability. For the SS7 vulnerability, the remediation and mitigation work relies on the telecommunication service providers: mobile phone network service providers are employing security experts to analyse the SS7 systems in use and try to prevent unauthorised access. For text messages, avoid using SMS. As far as we know, WhatsApp communication is encrypted today!
What is the status of the ASN.1 compiler right now?
About the SS7 vulnerability, an information update:
Nokia safeguarded network operations with new security features in Sep 2015. The features, consisting of Signaling Guard and a Security Assessment service, detect and prevent attacks that exploit vulnerabilities in the SS7 protocol. For more details, please refer to the URL below:
http://company.nokia.com/en/news/press-releases/2015/09/03/nokia-networks-safeguards-network-operations-with-two-new-security-launches-networksperform
About the SS7 vulnerability incident found and reported by German newspaper media in May 2017:
The German newspaper Süddeutsche Zeitung reported that hackers relied on the SS7 flaw as a backdoor. The vulnerability allowed them to bypass two-factor authentication (2FA) systems to conduct unauthorized wire transfers.
http://www.sueddeutsche.de/digital/it-sicherheit-schwachstelle-im-mobilfunknetz-kriminelle-hacker-raeumen-konten-leer-1.3486504