Mobile networks around the world have been penetrated by criminals and governments via bugs in the code that keeps them running. The security holes have been found in a technology known as Signalling System 7 (SS7), which helps to interconnect mobile networks across the globe. Security experts from Veracode and SQR Systems have the following comments on it.
Chris Wysopal, CISO and CTO at Veracode:
“The SS7 vulnerabilities are just another example of software-based systems that weren’t built for the rich interconnectivity and threats of the modern mobile infrastructure. Development teams need to go into projects with the expectations that what they’re creating will live in a hostile environment where attackers will look to exploit vulnerabilities. We’ve seen this across every industry and it’s no surprise it’s occurring in the Telco industry. A core protocol like SS7 provides governments and rogue actors wide access to the world’s communications infrastructure making it an incredibly attractive system to break into. Until software developers change their approach and build security into their code from the start, we’re going to continue to see these problems.”
Dr Nithin Thomas, CEO and Founder of Security Startup SQR Systems:
“The revelation that SS7 technology is leaving a major weakness in the security of mobile phone networks demonstrates the clear need for better protection of our mobile data.
“Organisations and individuals are spending large amounts of money protecting sensitive data on their computers and networks, but the same information is communicated through voice, video and messaging from smartphones with increasing frequency. Many workers now view being able to send and access sensitive data through their phones as an essential part of their jobs.
“The security of this data is often dangerously overlooked and there is a clear need for better awareness and protection. End-to-end encryption techniques which run on top of the networks should be a standard to provide users with greater protection and control of their data. Leaving this flaw unaddressed exposes businesses and end users to a far greater risk of attack.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.