German researchers discover huge security flaw that allows voice calls and text messages to be intercepted
The researchers behind the report plan on going public with it during a hacker conference to be held in Hamburg later this month. The SS7 network was built in the 1980's, well before anyone could have foreseen the amazing growth in cellular communications. The Germans who worked on the study found that there is very little security on the network, which allows hackers to do their thing while calls are being handed off from cell tower to cell tower.
While individual carriers spend a ton of money trying to sure up their networks, the SS7 pipeline still must be used for calls and texts between carriers. The researchers discovered two ways that hackers could listen in on voice calls. One way is to take over the call forwarding function on a mobile phone, and redirect calls to a hacker's phone for real-time eavesdropping or recording. The call would then be sent through to the proper recipient with the hackers listening in or taping the conversation. The second method uses an antenna to catch all calls and texts being sent through the airwaves. These would be recorded by the hackers, who could request a temporary encryption key from the carrier of each caller. The key would be used on the recordings to break the code.
Tests proving the vulnerability of SS7 have been successfully run over 20 global carriers, including T-Mobile in the U.S. T-Mobile responded to this information with a statement that said, "T-Mobile remains vigilant in our work with other mobile operators, vendors and standards bodies to promote measures that can detect and prevent these attacks." Some messaging apps use their own end-to-end enctryption which allows them to workaround the usual text connections. That is why apps like Apple's iMessage and WhatsApp probably would be safe from hackers taking advantage of the SS7 security breakdown.
After word leaked out in the summer of 2013 that the NSA was collecting metadata that could give them a phone's unique serial number, the location and duration of a call, and the time the call was made, mobile phone users started to see a "G-man" around every corner. And while not an event that was specifically related to mobile communications, the recent hacking of Sony Pictures brought the level of paranoia up another notch.
German Senator Thomas Jarzombek, who allowed his mobile phone to be used by the researchers for testing, summed up the feelings of many who desire complete privacy while on the phone. He recently said, "After all the NSA and Snowden things we've heard, I guess nobody believes it's possible to have a truly private conversation on a mobile phone. When I really need a confidential conversation, I use a fixed-line" phone."
source: SydneyMorningHerald via textually.org