2 min read

Huge privacy flaw uncovered in mobile phone networks

Graham CLULEY

December 22, 2014

Huge privacy flaw uncovered in mobile phone networks

In the last year or so there’s been a lot of bad news about how intelligence agencies and hackers can exploit weaknesses in internet communications to snoop upon our conversations and private messages.

Indeed, such has been the avalanche of revelations that it’s not uncommon at all to hear security researchers advise you to turn off your phone’s WiFi, and communicate via regular calls vand SMS messages instead because of the 3G phone network’s built-in advanced encryption.

Well, there’s bad news folks…

Two German security researchers have uncovered what they claim are serious security flaws that could allow criminals and intelligence agencies to spy upon private phone calls and text messages transmitted via cellular networks.

cell-tower

The problem it appears is in Signal System 7 (SS7), a global telecom network that you may never have heard of, but which assists phone carriers around the world route your calls and text messages.

The Washington Post reported that researchers Tobias Engel and Karsten Nohl discovered security holes in some of SS7’s functions normally used for keeping calls connected as they “speed down highways, switching from cell tower to cell tower.”

The belief is that national intelligence agencies are likely to be conducted similar research and could be exploiting the security holes to gather information – something which could potentially impact users around the globe:

Experts say it`s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world`s billions of cellular customers.

Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.

Specifically, the German researchers say they have uncovered two ways to spy upon phone conversations using SS7 technology.

Firstly, commands sent over SS7 can hijack a cell phone by forwarding any calls it receives to hackers, and then onwards to the intended recipient. With such a system in place, calls can be secretly recorded.

Secondly, hackers in close proximity to their intended target could use radio antennas to scoop up all calls and texts passing through in the area – requesting through SS7 a temporary key to decrypt recorded communications.

Last week, Nohl put his discoveries into practice, demonstrating how he was able to grab and decrypt a text message sent from a German senator’s cell phone. Fortunately the senator agreed to be part of the demonstration.

Privacy activist Christopher Soghoian, who is principle technologist at the American Civil Liberties Union, told Gizmodo that people should not consider their regular voice calls secure.

For secure conversations, use third-party tools like FaceTime, Signal or RedPhone which “allow you to have secure communication on an insecure channel.”

I would certainly welcome seeing more people install secure communications apps like these. The only problem I have found with them is that the vast majority of my contacts seem never to have heard of them – let alone installed them on their smartphones.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Supply Chain Attack Detected in PyPI Library Supply Chain Attack Detected in PyPI Library
Silviu STAHIE

August 02, 2021

1 min read
Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel
Filip TRUȚĂ

August 02, 2021

3 min read
Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million
Graham CLULEY

July 30, 2021

2 min read