Hacking

Hackers spied on a US Congressman’s communication abusing the SS7 protocol

Security experts eavesdropped and geographic tracked a US Congressman only using his phone number by abusing the SS7 protocol.

Hackers eavesdropped and geographic tracked a US Congressman only using his phone number. Security experts will be no surprised, I wrote many articles on the topic explaining that security flaws in the SS7 protocol could be exploited by an attacker to spy on private phone calls, record them and monitor target’s movements.

In this case, the activity was authorized by the US Representative Ted Lieu in order to demonstrate how much we are vulnerable. The findings were shared by a broadcast Sunday night by 60 Minutes.

Once again the name of the German security expert Karsten Nohl is in the headlines, he is the hacker that was able to record any call made to or from the mobile device used by the US Representative and to track his location in real-time.

“First it’s really creepy,” the US Representative said. “And second it makes me angry. They could hear any call. Pretty much anyone has a cell phone. It could be stock trades you want someone to execute. It could be a call with a bank.”

While SR Labs had permission to carry out the surveillance, there’s nothing stopping malicious hackers from doing the same thing.

Also in this case, the hackers exploited the SS7 protocol, aka Signalling System No. 7.

SS7 is a set of protocols used in telecommunications ever since the late 1970s, enabling smooth transportation of data without any breaches.

Exactly one year ago, Channel Nine’s 60 Minutes has revealed the existence of a security hole in modern telecommunication systems that could be exploited by cyber criminals to listen in on phone conversations and read text messages.

The program explained that Nohl’s team, who is based in Berlin, were able to intercept data and geo-track every mobile user by exploiting a flaw in the SS7 signalling system.

The security issue in the SS7 signaling system could be exploited by criminals, terrorists and intelligence agencies to spy on communications. The SS7 protocol allows cell phone carriers to collect location data related to the user’s device from cell phone towers and share it with other carriers, this means that exploiting the SS7 a carrier is able to discover the position of its customer everywhere he is.

Besides allowing telecommunication companies to query the location of phones on other carriers’ networks, the SS7 protocol allows them to route calls and text messages through a proxy before reaching the legitimate destination. But you know very well that a proxy could allow an attacker to spoof the identity of the victims.

“The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.” reports The Washington Post.

The SS7 is widely adopted, it is currently used by more than 800 telecommunication companies around the world. The security experts know very well that the SS7 protocol allows sharing individuals’ subscriber data with any other entity implementing the same protocol.

This means that if a hacker is able to access the network is able to access a wealth of subscriber’s information.

The SS7 protocol is also used by telecommunication companies to offer a number of services to various industries. For example, telecommunication companies use the SS7 to offer banks a service that allows them to confirm the presence of a customer’s phone in a specific country to authorize its transaction avoiding fraudulent activities.

“As long as you have SS7 access, it’s extremely easy,” Les Goldsmith, a researcher from security firm ESD explained to Ars. “Any one of the telcos that has a roaming agreement with the target network can access the phone.” Goldsmith presented his study on the SS7 security at the last RSA conference in San Francisco.

The majority of the telecommunication companies intends to replace the SS7 protocol for more secure one, the Diameter, but they will maintain the backward-compatibility with the SS7 continuing to expose mobile users to the risk of hack.

According to 60 Minutes, intelligence agencies like the NSA exploit the SS7 protocol for their surveillance activities.

Lieu sharply criticized US agencies that may have turned a blind eye to such vulnerabilities.

“The people who knew about this flaw should be fired,” he said. “You cannot have 300 and some million Americans, and really the global citizenry, be at risk of having their phone conversations intercepted with a known flaw simply because some intelligence agencies might get some data. That is not acceptable.” said Lieu.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – SS7 protocol, surveillance)

[adrotate banner=”5″] [adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

5 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

17 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

21 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.