re: The Conficker Worm: April Fool's Joke or Unthinkable Disaster? [Telecom]

> ***** Moderator's Note *****
>
> Although this is on the edge for telecom, I'm allowing it in order to
> encourage a debate about security in the SS7 networks. It occurs to me
> that it may be possible to code a worm which could allow remote access
> to central office software, and there are no AV programs in CO's that
> I know of.
>
> Bill Horne
> Temporary Moderator

Don't think so, Bill. SS7 was developed first and foremost to get interoffice signaling out of band to stop the blue boxers. The first iteration was CCIS, common channel interoffice signaling. Remember multi-freq? (I know you do.)

The old MF was just data carried on the voice channel; no direct access to any aspect of the switch program or call control systems. All the SS7 channel does is pass call setup information, including CLID. Sure, CLID can be spoofed by those who control the CLID origination message, but that is hardly access to the switch program or call control software.

I can't speak for other LECs, but Pacific Bell (then SBC, now the new AT&T) in California and Nevada used to let authorized engineers call in on directory numbers that ported to switch software where they could do everything they could do at the console in the central office. That required a pass code, but the hackers figured that one out. So, in the late 1980s, as I recall, they increased the security to where an authorized engineer in the field would call network control who had names, employee numbers, and pass codes that changed weekly. If the engineer passed muster the network control supervisor would open the port for five minutes. And, then use a one-time pass code just assigned by the network center supervisor. So, if the engineer in the field didn't get on in that time window the port would close. A hacker could call the c.o. port number any other time and get a no answer.

***** Moderator's Note *****

At N.E.T., they would simply unplug the modems: the vendors had to call in to a control center, be vetted, and wait for a tech to go to the office and plug in the access modem.

But that's not what worries me. The maintenance port is, of course, a serious security concern, but it isn't safe to assume that SS7 is "secure" because it's _supposed_ to carry only call data.

The problem isn't the network: the problem is that central office software is a "monoculture", like Windows, and anyone who finds a hole in one switch will have access to every switch that's connected to the network.

I did, of course, publish that on April 1, so I'll say right now that I'm serious (and it's April 2 now).

Bill Horne
Temporary Moderator

Please put [Telecom] at the end of your subject line, or I may never see your post! Thanks!

We have a new address for email submissions: telecomdigestmoderator atsign This is only for those who submit posts via email: if you use a newsreader or a web interface to contribute to the digest, you don't need to change anything.

Sam Spade