German Researchers Discover Security Flaw That Puts Worldwide Network at Risk

Cell providers use a worldwide network known as SS7 to connect to cell towers and transmit communications, leaving it open to hackers and spies. (Photo: jbdodane/flickr/cc)

German Researchers Discover Security Flaw That Puts Worldwide Network at Risk

Even with advanced encryption tools, hackers and spies could exploit newly found vulnerability, researchers say

German researchers have discovered a new flaw in the global network known as Signalling System 7 (SS7), which could allow hackers and spies to intercept communications on a massive scale, the Washington Postreports.

Due to be presented at a hacker conference in Hamburg this month, the research finds that certain functions built into SS7 can be exploited to listen to private phone calls and read text messages anywhere in the world. Because SS7 was created to allow cellular carriers to route communications services to each other--for example, by switching between cell towers as callers drive down highways--its security flaws actually give hackers access to a massive network of users.

Unwarranted surveillance, including by private parties, is not the only risk that comes out of the SS7 weak spots. It also means that users could be targeted for fraud or scam operations.

The news comes amidst recent revelations about the extent to which powerful governments--including those of the U.S. and the U.K.--have been conducting surveillance sweeps of foreign diplomats as well as their own citizens. NSA whistleblower Edward Snowden's document leak in 2013 brought the crisis to international attention, which in turn prompted cell phone users to demand better privacy protection from private companies. But according to the researchers, even those efforts are not enough.

The Post explains:

These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.

"It's like you secure the front door of the house, but the back door is wide open," said Tobias Engel, one of the German researchers.

Engel and his team conducted tests that allowed hackers to obtain encryption keys from cell phone carriers through radio antennas and succeeded on more than 20 networks around the world, including T-Mobile. Others are likely to have similar flaws, although certain smartphones provide end-to-end encryption that avoid using SS7, such as those used in services like iMessage and Whatsapp.

The researchers also discovered that hackers and spies exploiting the SS7 network flaws could learn the phone numbers of people whose cell signals they collect through surveillance devices.

While surveillance fears have remained in the national consciousness since Snowden's leak last year, the new research shows that cell phone users may have even more to worry about than ever before.

"I doubt we are the first ones in the world who realize how open the SS7 network is," Engel said.

Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.