BEST OF THE WEB

Global roaming network vulnerable to attack: Researchers

Roaming is a service that mobile wireless users take for granted when they move across the boundaries of their carriers’ coverage. We just assume there’s coverage everywhere.

Few people think about the private global roaming network, the GPRS Global Roaming Exchange (GRX) that not only facilitates this service by linking wireless operators, but is supposed to be secure.

However security researchers have discovered that’s not true, according to a report in Computerworld U.S.

The researchers told the Hack in the Box security conference in Amsterdam last week that of 42,000 live GRX hosts on the supposedly private network, 5,500 were accessible from the Internet.

A range of services are exposed including DNS (domain name system), SMTP (simple mail transfer protocol), FTP (file transfer protocol), HTTP, Telnet, SMB (server message block) and SNMP.

In many cases those services had been implemented using outdated software with known critical remote code execution vulnerabilities like old versions of BIND, Exim, Sendmail, OpenBSD, Apache, Microsoft IIS, Oracle HTTP Server, Samba and others, says the report.

The security researchers suspect some operators hooked their office equipment onto the GRX network.

It’s not that hackers can overhear traffic. But they can get session identifiers, credentials, browsed images, URLs, files, enough information that can be used to track users and identify their mobile devices.

With this warning every mobile operator ought to be scanning their GRX network to see if there are vulnerable hosts.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web