Published Date: 2016-04-18
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident related to the SS7 vulnerability happened in 2014 [42768]. 2. The incident was demonstrated over a year later for CBS’s 60 Minutes, which would place it around 2015 [42768]. 3. The incident was highlighted in an article published on April 18, 2016 [42968]. |
| System | 1. Signalling System No 7 (SS7) [42968, 42747, 42768] |
| Responsible Organization | 1. Hackers exploited a flaw in the global telecom network SS7, causing the software failure incident [42968, 42747, 42768]. |
| Impacted Organization | 1. Mobile phone users, including congressman Ted Lieu, who had their phone conversations, whereabouts, and emails accessed [42968, 42747, 42768] 2. Security agencies and intelligence agencies that could potentially exploit the vulnerabilities in the SS7 system [42968, 42747, 42768] 3. Organizations, government officials, and individuals in positions of power who could be targeted for surveillance [42747, 42768] |
| Software Causes | 1. The software cause of the failure incident was the exploitation of a flaw in the global telecom network called Signal System 7 (SS7) that allowed hackers to access phone conversations, whereabouts, and emails using just the phone number [42968, 42747, 42768]. |
| Non-software Causes | 1. Lack of proper security measures in the global telecom network SS7, allowing hackers to exploit vulnerabilities [42968, 42747, 42768] 2. Inadequate monitoring and intrusion detection systems in mobile phone networks [42747] 3. Potential misuse of the SS7 system by government agencies for surveillance purposes [42747, 42768] |
| Impacts | 1. The software failure incident involving the exploitation of the SS7 vulnerability had significant impacts on privacy and security, allowing hackers to access phone conversations, track locations, and read text messages using just a phone number [42968, 42747, 42768]. 2. The vulnerability exposed by the SS7 flaw posed a threat to billions of mobile phone users globally, potentially making them vulnerable to surveillance by criminals, commercial spies, and suspected terrorists [42968, 42747]. 3. The incident highlighted the lack of control users have over their privacy and security, as the attack targeted the mobile network itself rather than individual phone settings or choices [42768]. 4. The risk of interception of two-step verification codes and sensitive information transmitted via calls or text messages raised concerns about potential fraud and malicious attacks [42747]. 5. The incident underscored the importance of using secure communication methods such as encrypted messaging services and voice over data to protect against snooping via SS7 [42747]. 6. The exposure of the SS7 vulnerabilities led to efforts by mobile phone operators and security researchers to monitor and analyze the SS7 systems to prevent unauthorized access, although the success of these measures may vary on a network-by-network basis [42747]. |
| Preventions | 1. Implementing stronger security measures within the SS7 system to prevent unauthorized access and exploitation [42968, 42747, 42768]. 2. Regular security audits and testing of the SS7 system to identify and address vulnerabilities [42968, 42747]. 3. Enhancing encryption protocols and privacy measures within the global telecom network to protect user data and communications [42968, 42747]. 4. Utilizing encrypted messaging services like Apple's iMessage, WhatsApp, or Signal for secure communication [42747]. 5. Using services that carry voice over data instead of traditional voice call networks to prevent call interception [42747]. 6. Turning off mobile phone connections to the network when not needed to avoid location tracking [42747]. 7. Implementing network-level security measures to detect and prevent unauthorized access to the SS7 system [42747]. |
| Fixes | 1. Implementing stronger security measures within the SS7 system to prevent unauthorized access and exploitation [42968, 42747, 42768]. 2. Regular security audits and monitoring of the SS7 system to detect intrusions or abuse [42747]. 3. Encouraging the use of encrypted messaging services like Apple's iMessage, WhatsApp, or Signal to protect text messages from surveillance [42747]. 4. Using services that carry voice over data instead of traditional voice call networks to prevent call snooping [42747]. 5. Turning off mobile phone connections or relying on Wi-Fi instead to avoid location tracking [42747]. 6. Enhancing user awareness about the vulnerabilities of the SS7 system and providing guidance on secure communication practices [42968, 42747, 42768]. | References | 1. Security Research Labs in Berlin [42968] 2. German researchers [42968] 3. American Civil Liberties Union [42968] 4. GSMA (mobile phone operators’ trade association) [42747] 5. Karsten Nohl [42747, 42768] 6. Chaos Communication Congress hacker conference [42747] 7. Hacking Team [42747] 8. CBS's 60 Minutes [42747, 42768] 9. US National Security Agency [42768] |
| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization, multiple_organization | (a) The software failure incident related to tracking locations and snooping on phone calls and texts using the SS7 system has happened again at the same organization. German security researcher Karsten Nohl demonstrated the hack for CBS's 60 Minutes, showing how he tracked a brand new phone given to US congressman Ted Lieu in California from his base in Berlin using only its phone number [Article 42768]. (b) The software failure incident related to exploiting the SS7 system vulnerability has also happened at multiple organizations. The article mentions that security services, including the US National Security Agency, are also thought to use the SS7 system to track and snoop on target users [Article 42768]. Additionally, the American Civil Liberties Union has warned people against using their handset in light of the breaches, indicating a broader impact beyond a single organization [Article 42968]. |
| Phase (Design/Operation) | design, operation | (a) The software failure incident related to the design phase is evident in the articles discussing the vulnerability in the Signalling System No. 7 (SS7) network. The flaw in SS7, which is a global telecom network used by phone carriers to route calls and texts, was exploited by hackers to gain access to phone conversations, track locations, and intercept messages [42968, 42747, 42768]. This vulnerability was not a result of a single incident but rather a design flaw in the SS7 system itself, which was initially developed in the 1970s and had serious vulnerabilities that undermined the privacy of billions of cellular customers [42968, 42747]. (b) The software failure incident related to the operation phase is highlighted in the articles where hackers demonstrated the ability to track locations, snoop on phone calls, and intercept text messages by exploiting the SS7 system [42968, 42747, 42768]. This operation failure was due to the misuse of the SS7 system, which allowed hackers to gain unauthorized access to sensitive information and conduct surveillance on individuals. The operation failure was not caused by a specific incident but rather by the inherent vulnerabilities in the SS7 system that could be exploited by hackers or security services [42968, 42747, 42768]. |
| Boundary (Internal/External) | within_system, outside_system | (a) within_system: The software failure incident related to the SS7 vulnerability can be categorized as within_system. The flaw in the global telecom network SS7 allowed hackers to exploit functions built into SS7 for other purposes, such as call routing, to conduct surveillance and intercept calls and messages [42968, 42747, 42768]. The vulnerability was inherent within the SS7 system itself, allowing unauthorized access and snooping capabilities [42968, 42747, 42768]. (b) outside_system: The software failure incident related to the SS7 vulnerability can also be categorized as outside_system. The vulnerability stemmed from external factors such as hackers exploiting the SS7 system, which is a global network connecting mobile phone carriers [42968, 42747, 42768]. The hackers leveraged weaknesses in the SS7 system to gain access to sensitive information like phone calls, texts, and location data, highlighting the external nature of the threat [42968, 42747, 42768]. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident occurring due to non-human actions: - The software failure incident in the articles is primarily due to a flaw in the global telecom network called Signal System 7 (SS7) [42968, 42747, 42768]. - Hackers exploited vulnerabilities in SS7, a system that connects mobile phone networks, to gain access to phone calls, text messages, and location tracking using just the phone number as an identifier [42968, 42747, 42768]. - The SS7 system, designed in the 1980s, was found to be riddled with serious vulnerabilities that undermine the privacy of billions of cellular customers [42968]. - The flaw in SS7 allowed hackers to intercept calls, steal data, and geo-track someone's location, showcasing the vulnerability of the system [42747]. - The attack on the SS7 system was demonstrated by German security researcher Karsten Nohl, who showed how easy it was to track a person's location, read their messages, and listen to their calls using only their phone number [42768]. (b) The software failure incident occurring due to human actions: - The exploitation of the SS7 system by hackers was a result of repurposing features built into SS7 for surveillance due to lax security on the network [42968]. - Security researchers, including Karsten Nohl, demonstrated the vulnerability of the SS7 system, highlighting the potential for remote surveillance powers that could be used by hackers, governments, or other entities with access to the system [42747]. - The hack into SS7 allowed attackers to track a person's location, read their text messages, and listen to their phone calls, showcasing the extent of the breach in privacy [42768]. - The flaws in the SS7 system were discovered by researchers and hackers, indicating that human actions in exploiting these vulnerabilities led to the software failure incident [42968, 42747, 42768]. |
| Dimension (Hardware/Software) | software | (a) The articles do not mention any software failure incidents occurring due to contributing factors originating in hardware. (b) The software failure incidents mentioned in the articles are related to vulnerabilities in the Signalling System No. 7 (SS7) network protocol, which is a global telecom network used by phone carriers to route calls and texts. The flaws in SS7 allowed hackers to exploit the system and gain access to phone conversations, text messages, and location tracking using just the phone number as an identifier. This software failure incident is a result of contributing factors originating in the software, specifically the vulnerabilities in the SS7 protocol [42968, 42747, 42768]. |
| Objective (Malicious/Non-malicious) | malicious | (a) The objective of the software failure incident was malicious: - The software failure incident involved hackers exploiting a flaw in the global telecom network SS7 to gain unauthorized access to phone conversations, whereabouts, and emails by using just the phone number [42968]. - Hackers demonstrated the ability to track a person's location, read their text messages, and listen to their phone calls by hacking into the SS7 system, with the intent to snoop on individuals' private information [42768]. - Criminals, commercial spies, and suspected terrorists were reported to be exploiting the security loophole in SS7 for their own benefit by accessing the system [42968]. (b) The objective of the software failure incident was non-malicious: - The software failure incident was not non-malicious as it involved intentional exploitation of vulnerabilities in the SS7 system by hackers to gain unauthorized access to sensitive information [42747]. - The vulnerability in the SS7 system allowed hackers, governments, or anyone with access to it to conduct remote surveillance on mobile phone users without their knowledge or consent, indicating a malicious intent behind the exploitation [42747]. |
| Intent (Poor/Accidental Decisions) | unknown | (a) The intent of the software failure incident: - The software failure incident related to the SS7 vulnerability was not due to poor decisions but rather due to inherent flaws in the SS7 system that were exploited by hackers [42968, 42747, 42768]. - The vulnerability in the SS7 system allowed hackers to track locations, snoop on phone calls and texts, and intercept two-step verification codes, showcasing a systemic flaw rather than a result of poor decisions [42968, 42747, 42768]. |
| Capability (Incompetence/Accidental) | development_incompetence, accidental | (a) development_incompetence: - The software failure incident related to the SS7 vulnerability can be attributed to development incompetence as it was a flaw in the global telecom network SS7 that allowed hackers to exploit the system and gain access to phone conversations, whereabouts, and emails [42968]. - The flaw in the SS7 system was actually functions built into SS7 for other purposes, but hackers repurposed these features for surveillance due to lax security on the network [42968]. - The vulnerabilities in SS7 were first uncovered by security researchers, including Karsten Nohl, demonstrating a lack of professional competence in ensuring the security of the system [42747]. (b) accidental: - The software failure incident related to the SS7 vulnerability can also be considered accidental as the flaws in the SS7 system were not intentionally designed for surveillance purposes but were exploited by hackers for such activities [42968]. - The hack using SS7 to track locations, snoop on phone calls, and read texts was demonstrated by German security researcher Karsten Nohl in 2014 and was shown to still be active over a year later, indicating an accidental vulnerability in the system [42768]. |
| Duration | permanent | (a) The software failure incident described in the articles is more of a permanent nature. The vulnerability in the Signalling System No. 7 (SS7) network infrastructure allows hackers to exploit the system and gain access to sensitive information such as phone calls, text messages, and location tracking using just a phone number. This flaw in the SS7 system has been demonstrated multiple times by security researchers, including Karsten Nohl, and has been shown to still be active even after being initially uncovered in 2014 [Article 42968, Article 42747, Article 42768]. The nature of this vulnerability in the SS7 system makes it a persistent issue that can be exploited by hackers, governments, or other entities with access to the system. The ability to intercept calls, read messages, and track locations based on phone numbers highlights a fundamental flaw in the network infrastructure that poses a long-term risk to users' privacy and security. |
| Behaviour | crash, omission, value, other | (a) crash: - Article 42968 mentions a software failure incident where hackers exploited a flaw in the global telecom network SS7 to gain access to phone conversations, whereabouts, and emails by using just the phone number. This incident can be considered a crash as the system lost control and allowed unauthorized access to sensitive information [42968]. (b) omission: - The software failure incident described in Article 42768 involves hackers gaining access to the SS7 system, enabling them to track a person's location, read text messages, and listen to phone calls using just the phone number. This incident can be seen as an omission failure where the system omits to perform its intended function of protecting user privacy and data [42768]. (c) timing: - There is no specific mention of a timing-related failure in the articles provided. (d) value: - The software failure incidents discussed in the articles involve hackers exploiting vulnerabilities in the SS7 system to gain unauthorized access to sensitive information, such as phone conversations, text messages, and location tracking. This can be categorized as a value failure where the system performs its functions incorrectly by allowing unauthorized access to valuable data [42968, 42747, 42768]. (e) byzantine: - The software failure incidents reported in the articles do not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. (f) other: - The software failure incidents described in the articles involve a security breach in the SS7 system, leading to unauthorized access to phone conversations, text messages, and location tracking. This behavior can be considered a security vulnerability or breach, which is not explicitly categorized in the options provided [42968, 42747, 42768]. |
| Layer | Option | Rationale |
|---|---|---|
| Perception | None | None |
| Communication | None | None |
| Application | None | None |
| Category | Option | Rationale |
|---|---|---|
| Consequence | property, theoretical_consequence, other | (a) death: People lost their lives due to the software failure - There is no mention of people losing their lives due to the software failure incident in the provided articles [42968, 42747, 42768]. (b) harm: People were physically harmed due to the software failure - There is no mention of people being physically harmed due to the software failure incident in the provided articles [42968, 42747, 42768]. (c) basic: People's access to food or shelter was impacted because of the software failure - There is no mention of people's access to food or shelter being impacted due to the software failure incident in the provided articles [42968, 42747, 42768]. (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident allowed hackers to access personal information, including phone conversations, whereabouts, emails, contacts, and credit card information, potentially impacting people's data and privacy [42968, 42747, 42768]. (e) delay: People had to postpone an activity due to the software failure - There is no mention of people having to postpone an activity due to the software failure incident in the provided articles [42968, 42747, 42768]. (f) non-human: Non-human entities were impacted due to the software failure - There is no mention of non-human entities being impacted due to the software failure incident in the provided articles [42968, 42747, 42768]. (g) no_consequence: There were no real observed consequences of the software failure - The software failure incident had significant consequences related to privacy breaches, surveillance, and potential exploitation by criminals, commercial spies, and suspected terrorists [42968, 42747, 42768]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The articles discuss potential consequences such as surveillance, tracking of individuals, interception of calls and text messages, and exploitation of vulnerabilities in the SS7 system, which were demonstrated by hackers but may not have occurred on a large scale [42968, 42747, 42768]. (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - The software failure incident highlighted the vulnerability of mobile phone networks, the potential for unauthorized access to sensitive information, and the challenges users face in protecting their privacy and data in the digital age [42968, 42747, 42768]. |
| Domain | unknown | The software failure incident discussed in the articles is related to the telecommunications industry. The failed system in question is the Signalling System No. 7 (SS7), a global telecom network that connects phone carriers across the world to route calls and texts. This system was exploited by hackers to gain access to phone conversations, track locations, and intercept text messages [42968, 42747, 42768]. |
Article ID: 42968
Article ID: 42747
Article ID: 42768