Security vulnerabilities in the UMTS network Spotted



Security vulnerabilities in the UMTS network:


IT experts have managed to bypass the encryption in the UMTS network.So here is an interesting news related with UTMS network and that seems so cool in whole.

Team Nohl cracks UMTS network

Wie the WDR, the ARD evening news and the Süddeutsche Zeitung consistently report, a team led by the Berlin IT security expert Karsten Nohl, overturn the UMTS network of Deutsche Telekom. So they could read along SMS traffic of members of parliament among others. Even the reading of mail and data generated in mobile online banking, is possible. However, the experts point out that there is a provider-cross-cutting issue and Telekom is not affected alone.

Gap in the SS7 protocol

Cause of the safety problem is, according to Nohl called the SS7 protocol encryption. It is used by the network providers for network with other providers, such as roaming partners. Also, it is sometimes necessary to exchange the data encryption for calls from a central office to the next, such as a phone call to continue even if one travels long distances. Nohl the team managed to gain access to the SS7 network abroad by posing as foreign exchange. So they came among others to the SMS of the deputies.

Privacy advocates are alarmed

The Schleswig-Holstein Data Protection Officer Thilo Weichert speaks on tagesschau.de of a “huge risk” and criticized that the system operator “absolutely irresponsible” to deal with the phone secret. Brisant is especially the fact that bank customers channeled their business over the supposedly safe UMTS network.

Telekom attack scenario is no longer possible

The Telekom stressed in a statement that the gap is known and we are dealing with a problem that all network operators would struggle worldwide. However, the company requires, the described scenario abuse requires a high expertise and criminal activity in the reaction. It was important to stay close to the subscriber, have a special receiver that is not available on the market and to gain access to the internal signaling network of mobile operator.

The company claims to have taken in recent months several measures to attacks against their customers within the SS7 problem. Based on the new information, the company now took additional security measures to prevent unauthorized requests to the encryption parameters. Thus, claims the Telekom, was no longer the attack scenario presented possible.

For further updates,keep visiting the site.Have a nice day…!! 🙂