TechTheDay

Government agencies and other parties that are bent on assailing your privacy on your mobile device may not have to be very aggressive to get what they want. German researchers recently discovered huge mobile network system flaws that enables the interception of calls and text messages with relative ease. This flaw is expected to have an impact worldwide as it affects the global network being used by mobile carriers.

The Flaws

These flaws will be reported and discussed at a hacker conference in Hamburg this December. It is a defect that is viewed by many as a solid exemplification of the widespread security problem on SS7 or the global network that facilitates the routing of calls, text messages, and other services provided by mobile carriers. Experts are saying that it is now becoming increasingly clear that SS7 is rife with serious vulnerabilities that threaten the privacy of the billions of people who make use of the services of mobile networks.

These flaws are actually functions integrated in SS7 for other purposes. Examples of these “flaw-features” are the ability to maintain call connections while in high speed transit along highways and the ability to switch call connections from one cellular tower to another. These major security flaws can be exploited by those who have the skills to locate callers anywhere they may be. Conversations on cellular phones may also be listened to or calls can be recorded, even if they are encrypted as they can be decrypted later on. The German researchers found that these vulnerabilities may also be used to defraud mobile phone users or even the carriers themselves.

Global Threat

In spite of the billions of dollars invested in telecommunications technology, from hardware to software, these cellular network vulnerabilities have unfortunately remained in place. Even when telecommunications companies invest heavily in securing their own networks, eventually, they have to make use of the SS7 platform to communicate with other networks. This makes them vulnerable even with all the in-house advanced security  tech they employ. The German researchers reported that through these vulnerabilities, hackers in Africa can find means to hack into mobile networks in the United States, Europe, or Asia. Tobias Engel, one of the German researchers involved in the study, likened the situation to a house with a secure front door but with the back door kept open.

The study covered over 20 networks in different parts of the world, including T-Mobile in the United States.

Eavesdropping Calls

There were two distinct call eavesdropping methods possible, according to the German scientists. The first makes use of commands sent through SS7 to hijack the call forwarding service typically provided by carriers, to have calls redirected to the hackers before they can be connected to the intended recipients. The second method necessitates physical proximity and a special equipment that can collect all the calls and text messages being transmitted through the airwaves in a specific area.

The German researchers demonstrated their findings convincingly by making use of the mobile phone of a German senator (who voluntarily participated in the study). The senator was Thomas Jarzombek of the Christian Democratic Union party. He expressed no surprise about the vulnerabilities and possibilities of mobile network intrusion.

SS7 Surveillance Systems Peddled

In August this year, Washington Post reported how surveillance system makers are marketing the technology to governments worldwide to allow them to track virtually anyone who uses a cellular phone. The study conducted by the German researchers is partly in response to this report. The several-months-long study was aimed at exposing the weaknesses of SS7 networks. However, the German researchers failed to obtain any solid evidence that governments have been offered or are already using the SS7-vulnerability-exploiting technology, the ability to sniff or record calls and text messages in particular. This does not mean, though, that governments are not really using the vulnerabilities to perform espionage or monitoring. It can be recalled that in many instances in the past, vulnerabilities have been unknown to the public but were actually already being exploited by government agencies and other felonious entities.

Yet to Be Addressed Problem

There have been attempts to get a statement from the London-based GSMA global cellular industry group but no comment has been released from the organization as of now. Nevertheless, as reported by Washington Post in August, during their coverage of the surveillance system peddling issue, GSMA officials acknowledged that there are indeed problems in current mobile networks. The officials tried to allay privacy and security fears by saying that the current SS7 network is set to be replaced over the next decade because of the increasing number of security and technical issues.

Hopefully, these recently discovered vulnerabilities are addressed soon. The NSA spying scandal should be more than enough reminder for the need for better security on mobile devices and communication networks worldwide. It’s great to know that new encryption technologies are now becoming more effective. There’s still that need, though, to address unaddressed problems and to uncover yet-to-be-publicized vulnerabilities that may have already been exploited by governments or other ill-intentioned entities for some time.