Lone Packet Crashes Telco Networks 57
mask.of.sanity writes "A penetration tester has shown that GSM communications systems can be taken down with a handful of malformed packets. The weakness was in the lack of security around the Home Location Register server clusters which store GSM subscriber details as part of the global SS7 network. A single packet, sent from within any network including femtocells, took down one of the clusters for two minutes."
Hardly surprising... (Score:3, Informative)
Cellular standards like GSM and UMTS (no idea about other standards like LTE or CDMA) are not designed to be secure. They are designed to be complex to implement and to use as many pieces of patented technology as possible.
Re:Hardly surprising... (Score:4, Informative)
A missing break statement (Score:2, Informative)
A missing break statement was what brought down the eastern phone network in North America about 20 years ago. And the same simple problem seems to happen again.
Re:Hardly surprising... (Score:5, Informative)
Well, no.
The barrier to entry for a firefox security hole is really, really low.
Typically anyone with a computer can do it, with no external equipment.
In addition, it's typically legal to do. (though that may not stop some).
Knowledge of how tcp/ip and similar standards work is widespread, and lots of people know this.
For hacking cell networks, it's a bit different.
It's basically a completely different set of protocol stacks unrelated to tcp/ip - so you have to learn a whole bunch to even attempt it.
You need a few thousand dollars (this may have come down slightly) of specialised equipment to do the attack.
You are doing something that is often illegal, or of dubious legality at best.
All of these combine to make the pool of attackers orders of magnitude smaller.
Re:Hardly surprising... (Score:3, Informative)
Security through obscurity is a perfectly fine layer of security.