Experts report on a vulnerability in the mobile network that applies to all network operators worldwide. DT has taken additional security measures to prevent any attacks.
The scenario in question revolves around a new aspect of the known difficulties with the so-called SS7 protocol; it applies to every carrier across the globe.
Committing this kind of misuse requires a high degree of expert knowledge and criminal energy. In short, this represents a concerted effort to spy on specific individuals. It can only work when very near to the person of interest, with a special receiver that cannot be purchased on the open market and with access to mobile operators’ internal signaling network. The attacker must essentially access the network of the person being spied on by pretending to be a foreign mobile network operator.
Deutsche Telekom has taken various measures (e.g. SMS home routing) in recent months to further limit attacks on its customers made possible by the SS7 issue. With the information currently at its disposal, the company has taken additional security measures to prevent unauthorized requests to the encryption parameters. The attack scenario in question is now no longer possible.
However, all the measures by individual network operators are nothing more than a bandage. A permanent solution can only be developed by the entire industry. This includes network operators, manufacturers of network infrastructure equipment and of terminals, industry associations and standardization committees like ETSI and the GSMA. To better protect customers and their interests, the industry of course needs the comprehensive findings and insights of experts like Carsten Nohl. That is why DT is interested in being in close contact with external experts like the Chaos Computer Club. The company shares its findings and methods with other providers and takes an active role in industrial associations like the GSMA to improve the global security level of mobile communication standards.