Well, if you search HN for SS7, you note that this is not perfectly new: SS7 is a protocol from the 1970s with zero security built in. It can be misused to locate any mobile phone user world-wide and redirect their SMSes to an attacker.
The news one week later is that the GSMA will revoke this particular Werner Fink's https://www.fink-telecom.com/ global titles. I'm not familiar with SS7, but I assume that's what would be the IP address or maybe the ASN. I found it only in German, but I guess online translation can handle that.
I think it's the same person. He has been in a local parliament for the Swiss pirate party. So he's well aware of the misuse. But he offers the services commercially.
SS7 does not run on IP so no IP address or ASN. It's its own system and protocol, usually running directly on top of T1/E1 lines or time slots on TDM interconnections like SONET/SDH, allocated as signalling links.
It's more complicated than that. Cellular calls are handled by the MAP (Mobile Application Part) protocol, which runs on top of ISUP (ISDN User Part), which runs on top of SS7. Those are exceedingly complex protocols and there are legitimate calls, even from Saudi, e.g. when a Saudi user is visiting America and his Saudi phone is roaming, it needs to send messages to the Saudi HLR (Home Location Register) that can route back calls made to him to the location he is in, and similarly there are management messages to interrogate the network for where the phone is. What the Saudis, and UAE, Russians, Israelis or Chinese have been doing is abusing those messages for US phone numbers of dissidents like Jamal Khashoggi.
Thus an SS7 firewall would need to also support the higher-level MAP and ISUP protocols, and be sufficiently sophisticated to implement rules like "do not allow outside countries to interrogate the status of phones on country code +1" (apart from Canada, because they are also in the North American Number Plan).
There aren't very many programmers with SS7 skills as no one really wants to invest their career in a poorly specified and dying legacy protocol. That's why implementing this would require a large amount of work, i.e. be very expensive, which is what US telcos are balking at, and the captured FCC not cracking the whip as it did with SHAKEN/STIR caller ID authentication.
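Added example, not part of any comment in this thread: a sketch of the rule quoted above ("do not allow outside countries to interrogate the status of phones on country code +1"), applied to already-decoded MAP requests. The `MapRequest` fields, the short list of interrogation operations and the sample traffic are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Simplified set of MAP operations that return a subscriber's location or
# state (an assumption for this sketch, not a complete list).
INTERROGATION_OPS = {"anyTimeInterrogation", "provideSubscriberInfo", "sendRoutingInfo"}
PROTECTED_CC = "1"  # North American Numbering Plan: US and Canada share +1


@dataclass(frozen=True)
class MapRequest:
    calling_gt: str  # SCCP calling-party global title (E.164)
    operation: str   # MAP operation name
    msisdn: str      # target subscriber; assumes IMSI already mapped to MSISDN


def digits(number: str) -> str:
    """Strip '+', spaces and punctuation so prefixes compare reliably."""
    return "".join(ch for ch in number if ch.isdigit())


def decide(req: MapRequest) -> tuple[str, str]:
    """Return (verdict, reason) for one inbound request."""
    gt, target = digits(req.calling_gt), digits(req.msisdn)
    if not gt:
        return "drop", "no calling global title"
    if not target.startswith(PROTECTED_CC):
        return "allow", "target is not a +1 subscriber"  # e.g. inbound roamer
    if gt.startswith(PROTECTED_CC):
        return "allow", "calling GT is inside +1"  # US or Canada
    if req.operation in INTERROGATION_OPS:
        return "drop", "foreign interrogation of +1 subscriber"
    return "allow", "not an interrogation operation"


# Constructed sample traffic (all numbers are fictitious).
SAMPLE = [
    MapRequest("+966 50 000 0001", "anyTimeInterrogation", "+1 202 555 0143"),
    MapRequest("+1 613 555 0100", "sendRoutingInfo", "+1 202 555 0143"),
    MapRequest("+966 50 000 0001", "provideSubscriberInfo", "+966 55 000 0002"),
    MapRequest("", "sendRoutingInfo", "+1 202 555 0143"),
    MapRequest("+966 50 000 0001", "updateLocation", "+1 202 555 0143"),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.operation, r.calling_gt or "<none>", "->", *decide(r))
```

A country-code prefix cannot separate the US from Canada or any other +1 member, and the calling global title may be a leased one, so a check like this is only a first layer.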
All 3 German mobile operators claim to run SS7 firewalls, so those exist. How effective those are I have no clue.
Number portability to a competitor is a legal requirement in both Germany and Finland. But sending SMSes to a ported number between those companies does not work between all operators, although calling works. Whether that is a firewall issue or yet something completely different I have no clue either.
I would assume if the phone cannot receive an SMS it is also protected from a location lookup attack. But only from those networks where it doesn't work. Whether it would have worked or even still works using Fink's global titles I have no clue.
US Senator Ron Wyden has raised the alarm multiple times about the insecurity of SS7 and US Telcos' unwillingness to invest in SS7 firewalls to stop unwarranted requests from outside their networks:
SS7 is slowly being replaced by DIAMETER (itself the successor to RADIUS, see what they did?) inside carriers' own networks, but most carrier-to-carrier interconnections still run on the legacy SS7 protocols.
I understood from the articles that he got problems with his previous global titles in some countries. So he needed new/additional ones. I guess this might be related to firewalls getting stricter?
Whether it's legal or not is probably a difficult question. No law will talk about SS7.
I think there are 2 approaches:
* Circumventing technical measures ("cracking") is illegal in many places. But AFAICS the only security that SS7 relies on is physical security. When it was invented it was assumed networks are under control of trustworthy authorities. So my understanding is no cracking is involved here.
* Under GDPR operators should be obliged to take care of appropriate technical measures for data protection. Whether running an SS7 firewall as e.g. German operators do is enough for that I don't know. Even if it's not, violating the GDPR is not a criminal offense. And as we know the US for example has much worse laws covering data protection.
* If certain African operators lease global titles that's probably just not enforceable anywhere.
https://www.spiegel.de/netzwelt/netzpolitik/andreas-fink-mob...
Well, one way less, but I am sure there are enough obscure players on the planet that will be happy to fill the gap.
Edit: I don't think the headline is correct. The guy is not secretive at all https://www.linkedin.com/posts/afink_the-universal-ss7-libra... It's our telecom providers and the big public that are secretive about poor public infrastructure.