New security flaws in the SS7 protocol allow hackers to spy on phone users

Pierluigi Paganini December 19, 2014

German researchers have announced the discovery of news security flaws in SS7 protocol that could be exploited by an attacker to spy on private phone calls.

A team of German researchers has discovered security flaws that be exploited by a threat actor to spy on private phone calls and intercept text messages on a large scale, even when the mobile cellphone are using the most advanced encryption now available.

The flaws will be reported at the next hacker conference in Hamburg, and once again the attackers will exploit insecurity in the SS7 protocol, also known as Signaling System Number 7, that is the protocol suite used by several telecommunications operators to communicate with one another with directing calls, texts and Internet data.

The researchers also explained that the flaws in the SS7 protocol could be also exploited by criminal crews to defraud users and cellular carriers.

“The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.” reports The Washington Post.

The SS7 protocol allows cell phone carriers to collect location data related to the user’s device from cell phone towers and share it with other carriers, this means that exploiting the SS7 a carrier is able to discover the position of its customer everywhere he is.

In a previous post, I explained that surveillance vendors using the SS7 protocol are able to geo-localize users with great precision.

“The tracking technology takes advantage of the lax security of SS7, a global network that cellular carriers use to communicate with one another when directing calls, texts and Internet data.” reports the Washington Post. 

As explained by the researchers, the problem resides in the intrinsic security of the Protocol that is considered outdated due to the presence of several serious security vulnerabilities which can lead to the violation of the privacy for billions of mobile users worldwide.

In time I’m writing, the researchers haven’t provided other information on the security vulnerabilities discovered in the SS7 protocol, but the experts believe that hackers can exploit them to track an individual or redirect user calls to the attackers.
SS7 protocol
The attack scenario is worrying and open the door to massive surveillance activities, The American Civil Liberties Union (ACLU) has also warned people against possible abuse of such vulnerabilities by Intelligence agencies and Law enforcement.

“Don’t use the telephone service provided by the phone company for voice. The voice channel they offer is not secure,” principle technologist Christopher Soghoian told Gizmodo. “If you want to make phone calls to loved ones or colleagues and you want them to be secure, use third-party tools. You can use FaceTime, which is built into any iPhone, or Signal, which you can download from the app store. These allow you to have secure communication on an insecure channel.”

Unfortunately, the vulnerabilities into SS7 protocol will continue to be present, even as cellular carriers upgrade to advanced 3G technology to avoid eavesdropping.

“But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.” states the Washington Post

“It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers.

The team of researchers did not find evidence that the flaws discovered have been “marketed” to governments on a widespread basis, anyway it is impossible to understand is intelligence agencies are already exploiting them for their operations.

“Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation. They’ve likely sat on these things and quietly exploited them,” Soghoian said.

 Stay Tuned for further information …
[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  SS7 protocol, surveillance)

you might also like

leave a comment