The global “hand-shaking” network that allows cellular carriers to route calls, texts and other services to each other is vulnerable to hackers, spies and criminals, putting the privacy of billions of cell phone users at risk, German researchers have found.
The Washington Post said the flaws discovered by the researchers are “the latest evidence of widespread insecurity” on the SS7 network and could be exploited by hackers and others even though carriers are using the most advanced encryption available.
“At the very least, anyone exploiting SS7 could read your text messages, or go a bit further and set up [call forwarding] without you knowing about it,” HotHardware.com warned, adding that “someone could even record entire conversations, then save them locally for later decryption.”
SS7, which stands for Signaling System 7, was first designed in the 1980s. According to the Post, its defects are actually functions built into the system for other purposes — such as keeping calls connected as users speed down highways, switching from cell tower to cell tower — that hackers can repurpose for surveillance because of the lax security on the network.
Even as individual carriers improve their security, the Post noted, they still must communicate with each other over SS7 — which means a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the U.S., Europe or anywhere else.
“It’s like you secure the front door of the house, but the back door is wide open,” Tobias Engel, one of the German researchers, told the Post.
The researchers, who will present their findings at a hacker conference in Germany this month, said one way hackers could eavesdrop on calls using SS7 technology would be to hijack a cell phone’s “forwarding” function.
Alternatively, hackers could use radio antennas to collect all the calls and texts passing through the airwaves in an area. If communications are protected with strong encryption, an SS7 command could be used to request that the network release the temporary encryption key.
Source: The Washington Post