An investigation by CBS News 60 Minutes, has revealed that a flaw in the global telecom network can be exploited by hackers. This flaw enables hackers to gain access to phone conversations, your geographical location, texts and emails with just your phone number!
The exposed flaw is in the Signal System 7 (aka SS7, or C7 in the UK), which is used by network operators across the world to route calls and messages. This vulnerability effects us all, with experts claiming hackers can gain access to personal communications across the world with just a phone number. What makes this so worrying is that there’s not really much you can do about it. This is because its not your smartphone that’s being hacked, it’s the networks itself.
This vulnerability was first exposed back in 2014 at a Hamburg hacker convention. The 60 Minutes program shows that over a year after the flaw was exposed it has still not been rectified. German researchers participated in the 60 minutes program to reveal the security risk in the SS7 system and how hackers operate.
They did this by sending an iPhone to US congressman Ted Lieu who is a member of the House Oversight & Reform Subcommittee on Information technology. Mr Lieu was aware of what was happening and agreed to use the handset knowing, that for the purposes of the documentary it would be hacked.
Security Research Labs based in Berlin, knowing the telephone number associated with the device, were then able to exploit the vulnerability in SS7 to access his mobile phone. Once the network had been hacked through the SS7 flaw they were able to view his contacts, monitor his movements and listen in to his calls as well as being able to record them.
Karsten Nohl, who first demonstrated this problem back in 2014 says;
‘We can track their whereabouts, know where they go for work, which other people they meet when.
‘You can spy on whom they call and what they say over the phone. And you can read their texts.’
The flaws that have been unveiled are actually functions built into SS7 to keep calls connected as users switch between base stations. Worryingly however, this function is allowing criminals and terrorists to hack into people’s personal calls and their locations amongst other things with a tiny piece of information which is easily accessible.
It is down to lax security on the network and laziness that this vulnerability still exists. Having had the knowledge that this function allows users to hack the network surely something should have been done.
SS7 is an aging system which was first designed back in the 80’s when mobile technology was born. It is apparently riddled with security flaws. With more and more people relying on their handheld devices to connect and communicate with the world around them this is clearly a growing problem that needs to be addressed. It is not the only way that hackers are gaining access to mobile devices, but it is particularly worrying as users have absolutely no control over the flaw whatsoever. No matter how secure they attempt to make their handset this flaw will still allow hackers to access their device, should they wish.