Cell tower standing alone against clouds
© IT World Canada

Roaming is a service that mobile wireless users take for granted when they move across the boundaries of their carriers’ coverage. We just assume there’s coverage everywhere.

Few people think about the private global roaming network, the GPRS Global Roaming Exchange (GRX) that not only facilitates this service by linking wireless operators, but is supposed to be secure.

However security researchers have discovered that’s not true, according to a report in Computerworld U.S.

The researchers told the Hack in the Box security conference in Amsterdam last week that of 42,000 live GRX hosts on the supposedly private network, 5,500 were accessible from the Internet.

A range of services are exposed including DNS (domain name system), SMTP (simple mail transfer protocol), FTP (file transfer protocol), HTTP, Telnet, SMB (server message block) and SNMP.

In many cases those services had been implemented using outdated software with known critical remote code execution vulnerabilities like old versions of BIND, Exim, Sendmail, OpenBSD, Apache, Microsoft IIS, Oracle HTTP Server, Samba and others, says the report.

The security researchers suspect some operators hooked their office equipment onto the GRX network.

It’s not that hackers can overhear traffic. But they can get session identifiers, credentials, browsed images, URLs, files, enough information that can be used to track users and identify their mobile devices.

With this warning every mobile operator ought to be scanning their GRX network to see if there are vulnerable hosts.