SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
Cell providers use a worldwide network known as SS7 to connect to cell towers and transmit communications, leaving it open to hackers and spies. (Photo: jbdodane/flickr/cc)
German Researchers Discover Security Flaw That Puts Worldwide Network at Risk
Even with advanced encryption tools, hackers and spies could exploit newly found vulnerability, researchers say
Dec 18, 2014
German researchers have discovered a new flaw in the global network known as Signalling System 7 (SS7), which could allow hackers and spies to intercept communications on a massive scale, the Washington Post reports.
Due to be presented at a hacker conference in Hamburg this month, the research finds that certain functions built into SS7 can be exploited to listen to private phone calls and read text messages anywhere in the world. Because SS7 was created to allow cellular carriers to route communications services to each other--for example, by switching between cell towers as callers drive down highways--its security flaws actually give hackers access to a massive network of users.
Unwarranted surveillance, including by private parties, is not the only risk that comes out of the SS7 weak spots. It also means that users could be targeted for fraud or scam operations.
The news comes amidst recent revelations about the extent to which powerful governments--including those of the U.S. and the U.K.--have been conducting surveillance sweeps of foreign diplomats as well as their own citizens. NSA whistleblower Edward Snowden's document leak in 2013 brought the crisis to international attention, which in turn prompted cell phone users to demand better privacy protection from private companies. But according to the researchers, even those efforts are not enough.
The Post explains:
These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.
"It's like you secure the front door of the house, but the back door is wide open," said Tobias Engel, one of the German researchers.
Engel and his team conducted tests that allowed hackers to obtain encryption keys from cell phone carriers through radio antennas and succeeded on more than 20 networks around the world, including T-Mobile. Others are likely to have similar flaws, although certain smartphones provide end-to-end encryption that avoid using SS7, such as those used in services like iMessage and Whatsapp.
The researchers also discovered that hackers and spies exploiting the SS7 network flaws could learn the phone numbers of people whose cell signals they collect through surveillance devices.
While surveillance fears have remained in the national consciousness since Snowden's leak last year, the new research shows that cell phone users may have even more to worry about than ever before.
"I doubt we are the first ones in the world who realize how open the SS7 network is," Engel said.
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, The U.S. is on a fast track to authoritarianism like nothing I've ever seen. Meanwhile, corporate news outlets are utterly capitulating to Trump, twisting their coverage to avoid drawing his ire while lining up to stuff cash in his pockets. That's why I believe that Common Dreams is doing the best and most consequential reporting that we've ever done. Our small but mighty team is a progressive reporting powerhouse, covering the news every day that the corporate media never will. Our mission has always been simple: To inform. To inspire. And to ignite change for the common good. Now here's the key piece that I want all our readers to understand: None of this would be possible without your financial support. That's not just some fundraising cliche. It's the absolute and literal truth. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. Will you donate now to help power the nonprofit, independent reporting of Common Dreams? Thank you for being a vital member of our community. Together, we can keep independent journalism alive when it’s needed most. - Craig Brown, Co-founder |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Nadia Prupis
Nadia Prupis is a former Common Dreams staff writer. She wrote on media policy for Truthout.org and has been published in New America Media and AlterNet. She graduated from UC Santa Barbara with a BA in English in 2008.
German researchers have discovered a new flaw in the global network known as Signalling System 7 (SS7), which could allow hackers and spies to intercept communications on a massive scale, the Washington Post reports.
Due to be presented at a hacker conference in Hamburg this month, the research finds that certain functions built into SS7 can be exploited to listen to private phone calls and read text messages anywhere in the world. Because SS7 was created to allow cellular carriers to route communications services to each other--for example, by switching between cell towers as callers drive down highways--its security flaws actually give hackers access to a massive network of users.
Unwarranted surveillance, including by private parties, is not the only risk that comes out of the SS7 weak spots. It also means that users could be targeted for fraud or scam operations.
The news comes amidst recent revelations about the extent to which powerful governments--including those of the U.S. and the U.K.--have been conducting surveillance sweeps of foreign diplomats as well as their own citizens. NSA whistleblower Edward Snowden's document leak in 2013 brought the crisis to international attention, which in turn prompted cell phone users to demand better privacy protection from private companies. But according to the researchers, even those efforts are not enough.
The Post explains:
These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.
"It's like you secure the front door of the house, but the back door is wide open," said Tobias Engel, one of the German researchers.
Engel and his team conducted tests that allowed hackers to obtain encryption keys from cell phone carriers through radio antennas and succeeded on more than 20 networks around the world, including T-Mobile. Others are likely to have similar flaws, although certain smartphones provide end-to-end encryption that avoid using SS7, such as those used in services like iMessage and Whatsapp.
The researchers also discovered that hackers and spies exploiting the SS7 network flaws could learn the phone numbers of people whose cell signals they collect through surveillance devices.
While surveillance fears have remained in the national consciousness since Snowden's leak last year, the new research shows that cell phone users may have even more to worry about than ever before.
"I doubt we are the first ones in the world who realize how open the SS7 network is," Engel said.
Nadia Prupis
Nadia Prupis is a former Common Dreams staff writer. She wrote on media policy for Truthout.org and has been published in New America Media and AlterNet. She graduated from UC Santa Barbara with a BA in English in 2008.
German researchers have discovered a new flaw in the global network known as Signalling System 7 (SS7), which could allow hackers and spies to intercept communications on a massive scale, the Washington Post reports.
Due to be presented at a hacker conference in Hamburg this month, the research finds that certain functions built into SS7 can be exploited to listen to private phone calls and read text messages anywhere in the world. Because SS7 was created to allow cellular carriers to route communications services to each other--for example, by switching between cell towers as callers drive down highways--its security flaws actually give hackers access to a massive network of users.
Unwarranted surveillance, including by private parties, is not the only risk that comes out of the SS7 weak spots. It also means that users could be targeted for fraud or scam operations.
The news comes amidst recent revelations about the extent to which powerful governments--including those of the U.S. and the U.K.--have been conducting surveillance sweeps of foreign diplomats as well as their own citizens. NSA whistleblower Edward Snowden's document leak in 2013 brought the crisis to international attention, which in turn prompted cell phone users to demand better privacy protection from private companies. But according to the researchers, even those efforts are not enough.
The Post explains:
These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.
"It's like you secure the front door of the house, but the back door is wide open," said Tobias Engel, one of the German researchers.
Engel and his team conducted tests that allowed hackers to obtain encryption keys from cell phone carriers through radio antennas and succeeded on more than 20 networks around the world, including T-Mobile. Others are likely to have similar flaws, although certain smartphones provide end-to-end encryption that avoid using SS7, such as those used in services like iMessage and Whatsapp.
The researchers also discovered that hackers and spies exploiting the SS7 network flaws could learn the phone numbers of people whose cell signals they collect through surveillance devices.
While surveillance fears have remained in the national consciousness since Snowden's leak last year, the new research shows that cell phone users may have even more to worry about than ever before.
"I doubt we are the first ones in the world who realize how open the SS7 network is," Engel said.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.