CISA Warning: Commercial Spyware & SS7

The long-held assumption among corporate executives and government officials that switching to encrypted messaging apps like Signal or WhatsApp guarantees immunity from surveillance is rapidly eroding...

CISA’s warning touches upon legacy vulnerabilities in the telecommunications infrastructure itself. The agency highlights the continued abuse of Signaling System 7 (SS7), the protocol suite used by phone networks globally to route calls and texts. Despite decades of warnings, SS7 remains vulnerable to interception and location tracking. Sophisticated attackers can exploit these network flaws to intercept the SMS verification codes used to register Signal or WhatsApp accounts. By “porting” the target’s number to a device controlled by the attacker, they can effectively hijack the victim’s identity on these platforms. While Signal has introduced features like Registration Lock to mitigate this, adoption remains low among general users. (more)

The ‘Eavesdropping Scam’ — The Newest Scam Call Tactic

 How It Works

The Eavesdropping Scam is quite sophisticated. First, the scammer calls a potential victim from an unknown number and, since 79% of unknown calls go unanswered, leaves a voicemail. In the message, the scammer is heard talking to another person about the potential victim, claiming: “I’m trying to get ahold of them right now.” Similar to the Wangiri Scam, the Eavesdropping Scam relies on the victim being so interested that they choose to call back. Once the victim returns the call, the scammer can run a variety of scams, most commonly offering fraudulent tax relief services.

The Eavesdropping Scam deploys both a new tactic (leaving non-descriptive voicemails to get a call back) and a new script (pretending to discuss the recipient). 

The scam avoids most call protection services because it does not feature any of the typical scam call markers:
1) The calls use legitimate numbers,
2) people call the numbers back,
3) the call sounds very personal despite being a mass volume robocall, and
4) the content of the voicemail is so vague that it does not include any common fraud-related keywords. more

FutureWatch: Early (1930) Facetime Smartphone Calls

"This technology was predicted by many authors, futurists, and illustrators in the past. This one is one of the earliest illustrations on this subject; it was made in 1930. Again, the resemblance with a modern gadget that we all know as “smartphone” is uncanny." more

China May Be Tapped Out

The Trump administration is continuing with actions that cut telecom ties with China, including a new filing from the National Telecommunications and Information Administration that recommends that the Federal Communications Commission revoke China Telecom’s ability to carry international voice traffic between the U.S. and other countries...

China Telecom was authorized in 2007 to operate in the U.S. and it provides a suite of services that include voice, data television and business network services. It also operates a mobile virtual network operator, CTExcel, that targets Chinese Americans and Chinese tourists and students, according to the filing—but times and risks have changed, NTIA has concluded. 

It also said that 80% of the DoJ’s economic espionage cases where a foreign entity or government would benefit, have involved China. more

The Peregrination of a Childhood Promise

Finally, another childhood fantasy becomes reality. Hard on the heals of wall screen TVs; Dick Tracy's wrist radio.

• The now iconic 2-way wrist radio premiered in 1946 and was replaced with a 2-way wrist TV in 1964.
• 1952 prototype wrist radio.
• 1960's wrist radio.
• Apple watch Walkie-Talkie.
• FutureWatch: A "Real" Dick Tracy wrist radio watch. (Bluetooth)
• Wrist radios on ebay.
• Wrist radios on Amazon.
• In June of 1954, the radio was upgraded to increase the range from 500 miles to 1,000 miles, then again in 1956 to 2,500 miles. 

Chester Gould’s idea of Tracy wearing something like this on his wrist in the comic strip was actually turned down by his employer because it was thought to be too much of a cheat, so-to-speak, an easy way out for the detective who had been written into a scene where he was held captive with no possible way of escaping from the criminals.

It was then that Gould decided to call an inventor he had met, Al Gross (pictured above).

Al Gross was a man way ahead of his time with inventions such as the walkie-talkie. When Gross was just 16 years old, he already had an amateur radio operator's license and had built a ham radio going on to invent the first telephone pager in 1949.

When Gould stopped by, Al Gross had just recently invented a two-way radio that people could wear on their wrists, just like a watch. Gould asked Gross if he could use his idea and that’s where Dick Tracy’s wrist watch radio came into being. Gould was so appreciative that as a Thank You, he gave Gross the first four panels of the cartoon where Tracy is seen wearing and using the soon-to-be infamous gadget. The device proved to be the exact answer for Dick Tracy to rescue himself from the seemingly impossible situation.

Still on my list...
  UPDATE - 8/27/19
Apple reportedly kills project to turn iPhone into 'walkie talkie'
Damn!

The Avaya Phone Bug – Back From the Dead

Experts at McAfee Advanced Threat Research say they were just doing general studies of Avaya desk phone security when they stumbled on the reincarnated bug.

An attacker could exploit it to take over the phone’s operations, extract audio from calls, and even essentially bug the phone to spy on its surroundings.
 
“It was kind of a holy crap moment,” says Steve Povolny, McAfee's head of advanced threat research...

Though a fix is now available (again), the McAfee researchers note that it will take time for the patch to distribute out to all the corporate and institutional environments where vulnerable phones are lurking on every desk. more

My past posts about Avaya eavesdropping vulnerabilities. 

Update: Avaya is second only to Cisco in the enterprise VoIP market, and is used by almost all of the Fortune 100. The company's response and advisory notice can be found here.

Spy Tip: How to Break Out of Automated Phone Trees

Tired of Talking to a Voice Robot?
Want to Talk with a Human?
Skip the cue.
Try...

1. Dial O, or try multiple zeros.
2. You can add the # key or the * key before and after a 0.
3. Dial multiples of other numbers 1111, 2222, 3333, 4444, etc.
4. Being silent sometimes works (believe it or not some people still have rotary phones).
5. Speak non-sensible phrases to confuse computer.
6. Try speaking and repeating "Operator" or "Customer Service".
7. If there is a company directory, press just one letter and then try to connect to that person and then may transfer you or give you an inside phone number.
8. Make sure once you get a human, ask for the direct line to call.

 More listings here.

Breach at 10 of the World’s Biggest Telecoms, or Follow the Leader

A multi-year attack carried out by Chinese hackers was exposed recently, and the scope of it is beyond anything previously seen in nation-state cyber espionage.

Hacking group APT10, a notorious team that is widely believed to have Chinese government support, is believed to have compromised at least 10 major global carriers and used their networks to track and spy on high-profile business leaders and members of foreign governments.

 What makes this cyber espionage incident unique is that the Chinese hackers appear to have been following their targets as they move from country to country, hopping from one breached network to another as needed. While this ability is not new, this kind of mass scale has not been seen before. more

Pinky Promise from Huawei

A top Huawei executive said Tuesday that the company is willing to sign a "no-spy agreement" with the United States to reassure U.S. leaders who say the company's technology could be used for surveillance. The offer is similar to proposals the Chinese tech giant has made to the United Kingdom and Germany, and it comes after weeks of intense pressure from the Trump administration. more

Hackers Now Banking on Two-Factor Authentication for Profit

Sophisticated hackers have long exploited flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world. Those who exploit SS7 can potentially track phones across the other side of the planet, and intercept text messages and phone calls without hacking the phone itself. 

This activity was typically only within reach of intelligence agencies or surveillance contractors, but now Motherboard has confirmed that this capability is much more widely available in the hands of financially-driven cybercriminal groups, who are using it to empty bank accounts. So-called SS7 attacks against banks are, although still relatively rare, much more prevalent than previously reported. Motherboard has identified a specific bank—the UK's Metro Bank—that fell victim to such an attack...

One source familiar with SS7 attacks across banks said the exploitation has targeted banks globally, but that American banks seem to be less impacted. more

Reader comment: "Please note the Motherboard reporter carefully differentiates between "sophisticated hackers" and "financially-driven cybercriminal groups".  I hope you'll consider being equally judicious in your own reporting and online comments."

Auction: Some Remarkable Pieces of Telephone History

If you like old school gear that seems like it would kill you if you look at it wrong, well, we have an auction for you.

Click to Enlarge.

Auction Starts

Aug 4, 2018 11am EDT

The Telephone Pioneers of America was a group founded by various employees and bigwigs at telecom companies back in 1911. Alexander Graham Bell, the man Americans are often taught invented the telephone, was an early member.

At first, it was a way to create a community around the various people who pioneered the tech of telephony, then it shifted to a philanthropic mission. These days, it functions as a network of volunteers that help out in their community. Along the way, the non-profit set up a bunch of little museums around the U.S. dedicated to preserving old equipment and ephemera related to the history of the telephone.

Now, two of those branches are closing and you can buy their goods in an auction online or IRL on August 4th. Bruneau & Co, an auction house based in Cranston, Rhode Island, will handle the bidding. more

The Telephone Unmasked - The New York Times - October 13, 1877

The Telephone Unmasked

The New York Times

Published:  October 13, 1877

It is time that the atrocious nature of the telephone should be fully exposed, and its inventors, of whom there are any quantity, held up to execration.

When this nefarious instrument was first introduced, it was pretended that its purpose was an innocent one. We were told that the telephone would enable a man in New-York to hear what a man in Philadelphia might say; and though it was difficult to understand why anybody should ever want to listen to a Philadelphian’s remarks - which, notoriously, consist exclusively of allusions to the Centennial Exhibition and an alleged line of American steam-ships - there was nothing necessarily immoral in this possible use of the telephone.

Then it was claimed that by means of the telephone conversations could be carried on with other than Philadelphians, and that political speeches delivered in Washington could be heard in any city of the continent.

As the President was at that time making speeches in Vermont instead of Washington, the public was not alarmed by this announcement, and it was not until the telephonic conspirators mentioned that the uproar of a brass-band could be transmitted to any distance through the telephone that any general feeling of uneasiness was developed.

Nevertheless, the vast capabilities for mischief of the telephone, and the real purpose of its unprincipled inventors have been studiously concealed, and it is only by accident that the greatness and imminence of the danger to which the public is exposed have suddenly been revealed.

Suspicion ought to have been awakened by the recent publication of the fact that if the lamp-posts of our City were to be connected by wires, every confidential remark made to a lamp-post by a belated Democratic statesman could be reproduced by a telephone connected with any other lamp-post. It is true that this publication was ostensibly made in the interest of the Police force, and it was recommended that patrolmen should use the lamp-posts as means of communication with Police Head-quarters. It was evident, however, that the result would be to make every lamp-post a spy upon midnight wayfarers.

Men who had trusted to friendly lamp-posts for years, and embraced them with the upmost confidence in their silence and discretion, would find themselves shamelessly betrayed and their unsuspecting soliloquies literally reported to their indignant families; strange to say this suggestive hint of the powers of the telephone attracted no attention, and has ere this been in all probability forgotten.

A series of incidents which has lately occurred in Providence has, however, clearly shown the frightful capabilities of the telephone. Two men, to whom, so far as is known, no improper motive can be attributed, were recently experimenting with a telephone, the wire of which was stretched over the roofs of innumerable buildings, and was estimated to be fully four miles in length. They relate that on the first evening of their telephonic dissipation they heard men and women singing songs and eloquent clergymen preaching ponderous sermons; and that they detected several persons in the act of practicing upon brass instruments. This sort of thing was repeating every evening, while on Sunday morning a perfect deluge of partially conglomerated sermons rolled in upon them.

These are the main facts mentioned by the two men in what may be called their official report of their experiments, but it is asserted that they heard other things which they did not venture to openly repeat.

The remarks of thousands of midnight cats were borne to their listening ears. The confidential conversations of hundreds of husbands and wives were whispered through the treacherous telephone, and though the remarks of Mr. and Mrs. Smith were sometimes inextricably entangled with those of Mr. and Mrs Brown, and it was frequently impossible to tell from which particular wife came the direful threat, “O! I’ll just let you know,” or from what strong husband in his agony came the cry, “Leggo that hair!” the two astonished telephone experimenters learned enough of the secrets of the leading families of Providence to render it a hazardous matter for any resident of that city to hereafter accept a nomination for any office.

Now is has been ascertained that the wire of this telephone was not in contact with any other wire, and thus the hypothesis that the sounds heard by the two men were messages in process of transmission by the usual telegraphic wires is untenable. Moreover, a little reflection will show that cats do not send telegraphic messages, and that leading citizens do not transmit by telegraph petitions to their wives advocating a policy of conciliation in respect to hair.

The scientific persons whom the two men have consulted have no hesitation in saying that the telephonic wire picked up all the sounds in its neighborhood by the process of induction.

When the wire passed over a church, it took up the waves of sound set in motion by the preacher and reproduced them on the telephone. In like manner it collected the sounds from the concert-halls and dwelling-houses over the roofs of which it passed, and the peculiar distinctness with which is transmitted the remarks of cats was due to the fact that it must have passed in close proximity to several popular feline resorts.

We can now comprehend the danger of the telephone. If any telephonic miscreant connects a telephone with one of the countless telegraphic wires that pass over the roofs of the City there will be an immediate end of all privacy. Whatever is said in the back piazza by youthful students of the satellites of Mars will be proclaimed by way of the house-top to the eavesdropping telephone operator. No matter to what extent a man may close his doors and windows, and hermetically seal his key-holes and furnace-registers with towels and blankets, whatever he may say, either to himself or a companion, will be overhead.

Absolute silence will be our only safety. Conversation will be carried on exclusively in writing and courtship will be conducted by the use of a system of ingenious symbols. An invention which thus mentally makes silence the sole condition of safety cannot be too severely denounced, and while violence even in self-defense, is always to be deprecated, there can be but little doubt that the death of the inventors and manufacturers of the telephone would do much toward creating that feeling of confidence which financiers tell us must precede any revival of business.

New Jersey: Wiretap, Spycam & GPS Tracking Laws

This is an excellent article covering phone recording, video surveillance and GPS tracking in New Jersey...

As technology rapidly advances and becomes more sophisticated, attorneys, litigants and the courts must grapple with the use of modern surveillance in the context of litigation in family matters.

Surveillance can be useful in some situations, and litigants often resort to surveillance of their spouse to gather what they perceive to be valuable evidence. That evidence, whether it be video footage, recorded telephone calls, GPS tracking, digital copies of hard drives or other forms of surveillance, may be used at trial or simply to gain leverage in settlement negotiations. Nevertheless, this type of activity does not come without risk.

Without careful guidance and an understanding of the legal implications, surveillance can place attorneys in jeopardy of legal or ethical violations, and could also undermine the client’s position (e.g., something of limited evidential value could backfire on the client).

This article explores three surveillance techniques and analyzes the risks and rewards of each. more

Personal Phone Calls at Work Can Put Employers in Jeopardy

This from a California court: Employers unwise to permit use of company telephones for personal calls—at least if the employer plans to record those calls.

• Two-party consent means two-party consent: All parties to a call must be told the call is going to be recorded and must consent.
• Employers with recording systems should consider barring use of company telephones for personal calls and making sure that people receiving calls on a recorded line automatically are informed, up front, that the call will be recorded.
• Barring all personal calls is not necessary, but it may offer some protection against the legal consequences of a breakdown in the employer’s system of ensuring notice to all parties before the recording begins.

In a for-publication opinion, the California Court of Appeal has warned employers that it is not enough to tell employees they have no right of privacy if they use the employer’s telephones for personal calls: the employer might still be liable to third persons whose telephone calls are recorded. Rojas v. HSBC Card Servs. Inc., ___ Cal. App. 4th ___, No. D071442, 2018 WL 802094 (Cal. Ct. App. Fourth Dist. Jan. 16, 2018). more

Note: Many other states follow the more restrictive version of Federal law–two party consent–as well. ~Kevin

Better Secure Voice over Internet - Novel Solution

Researchers at the University of Alabama at Birmingham have developed a novel method to better protect Crypto Phones from eavesdropping and other forms of man-in-the-middle attacks.
Crypto Phones consist of smartphone apps, mobile devices, personal computer or web-based Voice over Internet Protocol applications that use end-to-end encryption to ensure that only the user and the person they are communicating with can read what is sent. In order to secure what is being communicated, Crypto Phones require users to perform authentication tasks.

Research has shown that these tasks are prone to human errors, making these VoIP applications and devices highly vulnerable to man-in-the-middle and eavesdropping attacks... more

A long, technical, interesting read.

Extra Credit... The 4 Best Phones for Privacy & Security

Telephone Eavesdropping Prevention - Then and Now

1920's - Hush-A-Phone...

Click to enlarge. Video. More.

2018 - Hushme...

1960 v 2018...

Goodluck Jonathan's Wife - Claims Repeated Phone Bugging

Nigeria - Mrs. Patience Jonathan, wife of former President Goodluck Jonathan, has accused the Economic and Financial Crimes Commission of sending assassins after her. 

Patience also accused the anti-graft agency of bugging her telephone lines, adding that agents of the commission had been sending threatening text messages to her.

The former President’s wife said, “The EFCC and its agents have repeatedly bugged the personal telephones of our client and her relations through its many operatives and has inundated her with numerous threatening calls and text messages.” more

Security Alert: If Your Phone Says Avaya... ask IT about this.

Internet telephony company Avaya has patched a high-severity vulnerability in its Aura Application Enablement Services product that put phone call and API data running through the server at risk for interception.

Researchers at Digital Defense found a vulnerability where an attacker could, without authentication, abuse Remote Procedure Calls (RPC) into the server and modify input in such a way that they would be granted remote administrative access...

“Anything that passes through that server [would be at risk],” said Mike Cotton, vice president of research and development... “An attacker could send malformed input at the interfaces and take control over the service and any voice data...  “Eventually you can get root command through remote compromise,” he said.

In an advisory updated June 14, Avaya said versions 6.3.1, 6.3.2, 6.3.3 and 7.x are affected. The company said that versions 6.3.1, 6.3.2 and 6.3.3 should install Super Patch 7 and apply AE Services 6.3.3.7 security hotfix. Users on 7.0.x should upgrade to 7.0.1 and install Super Patch 4 and AE Services 6.3.3.7 security hotfix as well. Users on 7.1 should apply AE Services 7.1.0.0.0 Security Hotfix.

“Certainly for enterprises that use the product, this is a high-impact vulnerability,” Cotton said. “The ultimate severity is how many business-critical apps are attached to this thing and where it’s sitting within the network infrastructure. This is something I would prioritize and move to the top of patching lists.” more

"Make Your Phone as Private as a Phone Booth"

The Hush-A-Phone
A voice silencer designed for confidential conversation, clear transmission and office quite. Not a permanent attachment. Slips right on and off the mouthpiece of any phone.

Office quite during phone talks is also assured. The Hush-A-Phone does not allow your voice to escape into the room. It excludes noises from the transmitter, giving a quiet wire and clearer transmission.


Prominent business firms are using it and recommend it as an efficiency promoter.

Tear this (ad) out and mail with your letterhead for free booklet "How to make your phone as private as a booth."

Agents and Salesmen—Write for particulars of our attractive proposition to General Agents and Salesmen.

HUSH-A-PHONE CORPORATION
19 Madison Ave.,
New York City

Telephone Eavesdropper Learns The Beatles Were Right

UK - A multi-millionaire property developer strangled a burlesque dancer after bugging her home
and learning that she was planning to “fleece him”, a court heard yesterday.

Peter Morgan, 54, had been paying Georgina Symonds, a 25-year-old single mother, up to £10,000 a month to stop seeing other men after meeting her while she was working as an escort.

He decided to murder her after listening in to a telephone conversation in which she told a male friend that she was planning to leave Mr Morgan, a jury was told. more sing-a-long