Anyone in the world can listen in on your private conversations, no matter what security you are using. At least, that is what two German researchers are preparing to report at a network security conference in Hamburg this month. The newly discovered vulnerability applies to both text and voice calls, and seems to affect every cell phone user in the world.
The Washington Post reported Thursday that Tobias Engel and Karsten Nohl both discovered the widespread security flaw while working independently. The researchers were investigating flaws in Signaling System 7 (SS7), the worldwide network used to route cellular communications.
Billions of Users Affected
SS7 is a bit of 1980s-era network technology that allows cell phones to switch coverage from one cell tower to another as a user travels. While this allows people to continue their calls uninterrupted, the poor level of security built into the system gives hackers, thieves and spies almost unlimited access to those calls.
An attacker could use the flaw to find a target's physical location anywhere in the world, listen to their calls in real time, and even record an encrypted conversation as it happens, then decrypt it at their leisure.
Because SS7 is used across the globe, hackers looking to spy on a target can be physically located in any country. A spy in Moscow, for example, could record an encrypted conversation taking place in Richmond, Virginia. The flaw could potentially affect billions of cell phone users worldwide.
And, in fact, it seems that at least some spies may already be exploiting the vulnerability. The Washington Post previously reported in August that several dozen countries had already purchased surveillance tools that use SS7 to locate and track surveillance targets.
Whole Cities Are Vulnerable
The security flaw can be exploited in one of two ways. The first exploit requires the attacker to send a command to the SS7 system that allows them to take control of how the mobile phone forwards calls. The attacker can have all incoming and outgoing data forwarded first to themselves before being passed along to the intended recipient. This attack requires no physical proximity to the targets and can be launched from anywhere in the world.
In the second attack, hackers intercept voice and text transmissions using radio antennas placed in close proximity to the target. Although cellular technologies like 3G systems frequently use strong encryption protocols, an attacker can send a request to the target's carrier to provide a temporary key that would allow the attacker to break the encryption.
While the latter attack does require physical proximity to the target, attackers could potentially use it to target a large number of callers. An entire city or region could be targeted simultaneously, according to one of the researchers quoted in The Washington Post story. The process could even be set up and then automated, allowing intelligence agencies such as the National Security Agency or Britain's GCHQ to record all conversations in a region of the country at the push of a button.
Nonetheless, the researchers said there is a way users can circumvent an attack using the SS7 vulnerability. Since messaging apps like WhatsApp and Apple's iMessage use end-to-end encryption that does not involve the SS7 system, such an attack likely would not work against them.
Posted: 2016-09-29 @ 4:43pm PT
My wife was fooling with her new cell phone and all of a sudden she heard a conversation come up with her cousin talking about the death of a close relative. This was months ago, but it was the actual conversation recording. Worrisome and strange.