For years experts have warned that a technology at the centre of global communications is dangerously exposed. Now there is more evidence that it has been used to snoop on people in America.
Kevin Briggs, an official at America’s Cybersecurity and Infrastructure Security Agency, told the Federal Communications Commission (FCC), a regulator, earlier this year that there had been “numerous incidents of successful, unauthorised attempts” not only to steal location data and monitor voice and text messages in America, but also to deliver spyware (software that can take over a phone) and influence voters from abroad via text messages. The comments were first reported by 404 Media, a technology news website. America’s big mobile operators have erected better defences in recent years. But much of the world remains vulnerable.
The hacks were related to an obscure protocol known as Signalling System 7 (SS7) as well as a newer one called Diameter. Developed in the 1970s to allow telecoms firms to exchange data to set up and manage calls, nowadays SS7 has more users than the internet. Security was not a big issue when SS7 was first introduced because only a few fixed-line operators could get access to the system. That changed in the mobile age. SS7 became crucial for a wide range of tasks, including roaming. According to the US Department of Homeland Security, SS7 is a particular risk because there are “tens of thousands of entry points worldwide, many of which are controlled by states that support terrorism or espionage”.
Security experts have known for more than 15 years that the protocol was vulnerable in several ways. In 2008 Tobias Engel, a security researcher, showed that SS7 could be used to identify a user’s location. In 2014 German researchers went further, demonstrating that it could also be exploited to listen to calls or record and store voice and text data. Attackers could forward data to themselves or, if they were close to the phone, hoover it up and tell the system to give them the decryption key. Surveillance companies and spy agencies had known about the issue for a lot longer. Many were taking advantage of it.
In April 2014 Russian hackers exploited SS7 to locate and spy on Ukrainian political figures. In 2017 a German telecoms firm acknowledged that attackers had stolen money from customers by intercepting SMS authentication codes sent from banks. In 2018 an Israeli surveillance company used a mobile operator in the Channel Islands, a British territory, to get access to SS7 and thus users around the world.
That route is thought to have been used to track an Emirati princess who was abducted and returned to the United Arab Emirates in 2018. And in 2022 Cathal McDaid of Enea, a Swedish telecoms and cyber-security company, assessed that Russian hackers had long been tracking and eavesdropping on Russian dissidents based abroad by the same means.
Beginning in 2014 hackers stole huge amounts of data from the Office of Personnel Management, the government agency that manages America’s federal civil service. The most sensitive data were security-clearance records, which contain highly personal details. But phone numbers were also stolen. According to semi-redacted slides published by the US Department of Homeland Security, American officials noticed “SS7 anomalous traffic” that summer which they believed was related to the breach.
On my main phone
Mr Briggs’s comments to the FCC bring the scope of the SS7 problem into sharper focus. “Overall”, he said, the incidents he reported were “just the tip of the proverbial iceberg of SS7- and Diameter-based location and monitoring exploits that have been used successfully.” American mobile operators are sensibly stripping out SS7 from their networks, but, to varying degrees, all still have roaming connections with the rest of the world, where the protocol remains ubiquitous. Moreover, although the newer Diameter protocol is an improvement in several respects, it nonetheless “has many of the same vulnerabilities” as SS7, argues Mr McDaid, “and is worse in some ways.”
One reason that telecoms firms have neglected to address the issue is that most attackers have political rather than commercial motives. Surveillance tends to be focused on a very small number of high-value targets. “The attackers generally don’t aim to damage the workings of the mobile network,” notes Mr McDaid. Because the impact is on the individual rather than the company, he says, “Sometimes, the incentives to put in protection are not fully aligned.” Mobile operators need to monitor their networks, update software and conduct regular “penetration tests”, drills in which they subject their own networks to simulated attack, he says.
Phone users can protect themselves against SS7-based eavesdropping (but not location tracking) by using end-to-end encrypted apps such as WhatsApp, Signal or iMessage. But these, too, can be circumvented by spyware that takes over a device, recording keystrokes and the screen. In April Apple warned users in 92 countries that they had been targeted by a “mercenary spyware attack”. On May 1st Amnesty International published a report showing how “a murky ecosystem of surveillance suppliers, brokers and resellers” from Israel, Greece, Singapore and Malaysia had put powerful spyware into the hands of several state agencies in Indonesia. That, too, is the tip of an iceberg.
Original article by guozi. If reposting, please credit the source: https://www.sudun.com/ask/79582.html