Researchers have identified vulnerabilities in Signaling System 7 (SS7) – a system designed for call setup, management and tear down – that makes it possible for anyone to listen in on cell phone calls, read text messages, and locate callers, The Washington Post reports.
Encrypted calls and texts can even be recorded and decrypted later, a process that can be entirely automated, the report indicates, adding there is also the possibility to defraud users and cellular carriers through use of SS7 functions.
Tobias Engel, founder of Sternraute, and Karsten Nohl, chief scientist with Security Research Labs, independently identified the flaws, which are scheduled to be demonstrated at an upcoming hacker conference in Hamburg.
The report identified two eavesdropping techniques. One involves taking over a cell phone's “forwarding” function to listen in on calls, which can be established anywhere in the world. The other involves radio antennas gathering calls and texts in a particular vicinity.
The flaws are, in fact, functions built into SS7 that can be exploited due to “lax security on the network,” the report indicates, explaining that SS7 was developed in the 1980s and is “riddled with serious vulnerabilities” that put the privacy of cell phone users at risk.
Engel and Nohl began digging deeper into SS7 security weaknesses after The Washington Post reported in August that nations were purchasing surveillance systems that exploit the SS7 network in order to locate any cell phone user.
On Monday, Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told SCMagazine.com to assume that various agencies around the world – such as NSA [National Security Agency] and GCHQ [Government Communications Headquarters] – are “one step ahead.”
“[Those agencies] have a lot more money and are much more motivated,” Soghoian said, going on to add that if a smaller group of researchers in Germany “can find this stuff, certainly the [bigger agencies] can.”
Soghoian said that the exploits are extremely useful for governments and private parties to carry out state-sponsored or corporate espionage, and added that the Federal Communications Commission (FCC) should launch a broad investigation into networks and force carriers to enhance security.
According to the report, the techniques were tested on 20 networks around the globe and all were successful, including on T-Mobile in the U.S.
