A Briefing On The Current Status Of Cell Carrier Security

The evolution of telecom has lead us to the point where we are never too far away from our phones. It is simply astonishing what we are able to fit in our pockets and what these small computers can do. You would think that along with the progression of technology on the client side, the security behind the scenes would progress as well.

Sadly this is not the case.

Most things that where being used in the early 2000's to insure the security of your data are still used today. I will be covering a few easily fixable things that telecom has still not fixed to this day.

Untrained Employees At Telecom Companies

The training at most carrier call centers is laughable compared to the training to prevent SE (Social Engineering) in other industries. "People hacking" is a well known variable that is used by most red-teamers and black hat hackers as one of the most easy way to gain access to a company infrastructure.

Not only is this a risk when it comes to the security of the company's internal infrastructure this also opens up the possibility un-ethical  pretext's. Assuming it is easy to "trick" a support agent into compromising company infrastructure or data it would be safe to assume that the same could be done to extract information about the client of a carrier or other service provider type. This could be leveraged in multiple way's to extract data from the service provider about the victim.

Sim Card Security

Sim (Subscriber Identity Module) cards themselves are a outdated technology primarily used by GSM carriers. this technology is just another attack point waiting to be leveraged by a savvy attacker or government agency. These little smart cards running java have been used in cell phones for almost 2 decades now with little to no security changes made. This was talked about in great detail in the Defcon 21 speech "The Secret Life of SIM Cards" by Karl Koscher & @zantifon.  I suggest anyone fascinated by this to give it a watch.

Call Spoofing For Access To Protected Systems

An individual can “spoof” you and see your voicemails by calling you, using your telephone number. From there, they can gain access ILLEGALLY to your data. This is highly illegal, unethical, and only what a con artist does. As per the FCC, “Under the Truth in Caller ID Act, FCC rules prohibit anyone from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm or wrongly obtain anything of value. Anyone who is illegally spoofing can face penalties of up to $10,000 for each violation.” Using call spoofing to get into voicemail is wiretapping - remember this is (highly illegal folks).

In addition to this, an individual could call a service that recognizes your number (Like a bank or a utility company) and gain access to protected data. This is a major flaw in the security of automated telecom systems. The reliance on the caller ID as a means of identifying a subscriber is a massive vulnerability that is rarely talked about by security professionals.

A wide majority of call spoofing services have blocked the ability to call someone from his/her own number. however, services like spoofcard still sell services that allow this action. Also, even if services do not allow this action in the future... There is still other options for setting up your own caller ID spoofing system with SIP or related telecom system protocols.

Conclusion

As we progress to have more and more powerful computers in our pockets, we must push to not only update the systems in our pockets, but the systems that are the backbone for the infrastructure controlling it. Out of date systems like CNAM, SIM's and automated telecom system instigators needs to look into updating their techniques with modern alternatives. The fact that we still have the ability to sniff the traffic between a client and a cell tower shows that we are in great need for a security overhaul [refrence article by ckn.io].