German researchers have discovered a flaw in the Signalling System No 7 (SS7) global network which could allow attackers to intercept communications internationally on a massive scale, according to a report in the Washington Post.
The Post notes how the system, designed in the 1980s, is riddled with serious vulnerabilities. SS7 is a protocol suite used by most cellular carriers internationally to route communications services to each other when directing calls, texts and internet data. The report notes that these flaws are actually functions built into SS7 for other purposes – such allowing mobile phones to remain connected on the move by collecting location information from phone towers to share with each other, switching between cell towers when driving. But hackers can re-purpose the data for surveillance thanks to lax security on the network.
Consequently the security flaws give hackers access to a vast network of users, potentially allowing them to listen to private phone calls and read text messages anywhere in the world.
While individual carriers are hardening their systems, they still need communicate with each other over SS7, leaving them open to companies worldwide with access to the network, so a single carrier anywhere Asia or Africa for example could be used to hack into cellular networks in the UK or anywhere else.
Tobias Engel, one of the German researchers quoted by the Post says his team has conducted tests that allowed hackers to obtain encryption keys from cell phone carriers through radio antennas and succeeded on more than 20 networks around the world, including T-Mobile, AT&T and Verizon.
Others are likely to have similar flaws, although some smartphones and services provide end-to-end encryption which avoids using SS7, such as iMessage and WhatsApp. The report says that by using the flaw, hackers can locate or redirect users' calls to themselves or anywhere in the world before forwarding to the intended recipient, listen to calls as they happen, and record hundreds of encrypted calls and texts at a time for later decryption.