Hmm, instead of securing their networks and pushing for better security standards they'll cut access to one fish. Is that an ideal strategy? Some other bigger meaner fish will still use those vulnerabilities. I was wondering if the GSMA is or should regularly perform security audits.
https://www.gsma.com/security/gsma-mobile-security-research-acknowledgements/ Or perhaps award publicly visible badges of honor to those mobile networks that are not vulnerable to similar attacks. I mean how many companies do we know? that publicly stated: Hello our mobile users btw. we fixed those vulnerabilities in our network! You should now be better protected. I never got any such information from any of my providers. Did you? Beste Grüsse, Regards si s-auzim de bine Florin Sfetea On Friday, May 19, 2023, 12:00:21 PM GMT+2, <swinog-requ...@lists.swinog.ch> wrote: Send swinog mailing list submissions to swinog@lists.swinog.ch To subscribe or unsubscribe via email, send a message with subject or body 'help' to swinog-requ...@lists.swinog.ch You can reach the person managing the list at swinog-ow...@lists.swinog.ch When replying, please edit your Subject line so it is more specific than "Re: Contents of swinog digest..." Today's Topics: 1. Re: Sicherheit von SS7 - mit Schweiz-Bezug (Ralph Krämer) ---------------------------------------------------------------------- Message: 1 Date: Thu, 18 May 2023 22:33:17 +0200 (CEST) From: Ralph Krämer <ralph.krae...@vable.ch> Subject: [swinog] Re: Sicherheit von SS7 - mit Schweiz-Bezug To: swinog <swinog@lists.swinog.ch> Message-ID: <172298345.199.1684441997706.javamail.zim...@vable.ch> Content-Type: text/plain; charset=utf-8 nice : https://www.spiegel.de/netzwelt/netzpolitik/andreas-fink-mobilfunkverband-geht-gegen-schweizer-ss7-dienstleister-vor-a-d012c1dd-afb7-4ead-9571-59653abc17e1?sara_ref=re-xx-cp-sh about time ;-) ----- Am 15. Mai 2023 um 13:31 schrieb Florin Sfetea via swinog swinog@lists.swinog.ch: > Hello all, > > I was reading this old(2018) ENISA Report [ > https://www.enisa.europa.eu/publications/signalling-security-in-telecom-ss7-diameter-5g/@@download/fullReport > | > https://www.enisa.europa.eu/publications/signalling-security-in-telecom-ss7-diameter-5g/@@download/fullReport > ] > Might help in some way but reading it had reminded me of ARP > spoofing/poisoning > attacks which even today are still used and work in a lot of networks that I > have been. :) > > One year later I had open a case with Salt where I requested a public > statement > that they had fixed/mediated the issues discovered up to that time(March 2019) > or at least that a remediation plan was in place. > > Someone from Support answered that " The introduction of 5G will only take > place > if data security is guaranteed for our customers and we can assume that the > security issue will not lead to a delay in the introduction of 5G. " > > I was not satisfied ::)) with the answer and requested an escalation > > They eventually closed my case in July 2019 with: > > " Dear Sir, > > > Salt follows industry best practices in terms of security for its entire > mobile > infrastructures and improves constantly the protection of its mobile > infrastructures and customers. The case you mention is known and has been > addressed accordingly. > " > No public statement nor such other mentions of which fix was exactly > addressed. > > I don't have anything with any mobile provider. At that time it was just > happen > to be Salt. I move from time to time to different other ones. > > I think we should have here in Switzerland more or less a same similar to > ENISA > organization that should supervise and perform regular audits on mobile > providers. Melani/NCSC would that fit your bill? > > I never really had time to further test if any of those vulnerabilities or > newer > where actually fixed. Someone should definitely do it. Free for fame or payed > from a government branch is to > [ > https://www.gsma.com/security/gsma-mobile-security-research-acknowledgements/ > | > https://www.gsma.com/security/gsma-mobile-security-research-acknowledgements/ > ] > > > Regards, > Florin > > _______________________________________________ > swinog mailing list -- swinog@lists.swinog.ch > To unsubscribe send an email to swinog-le...@lists.swinog.ch ------------------------------ Subject: Digest Footer _______________________________________________ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch ------------------------------ End of swinog Digest, Vol 219, Issue 11 ***************************************
_______________________________________________ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch
