Jakub Jirsk - Fotolia

Security flaw exposes billions of mobile phone users to eavesdropping

Hackers, fraudsters, rogue governments and unscrupulous commercial operators are exploiting flaws in the architecture of the mobile phone signalling system known as SS7

Billions of mobile phone users around the world are at risk from covert theft of data, interception of their voice calls and tracking of their location.

Hackers, fraudsters, rogue governments and unscrupulous commercial operators are exploiting flaws in the architecture of the mobile phone signalling system known as SS7, which enables mobile roaming between different phone companies.

An investigation by Australian TV show 60 Minutes has shown how hackers have been able to record mobile phone conversations of a prominent politician and track his movements from a base thousands of miles away in Germany.

The disclosures have led to calls for an immediate public inquiry in Australia, amid concerns the security and intelligence services have long been aware of the SS7 security vulnerabilities.

Online banking risk

The demonstration – the first to show it is possible to use SS7 to intercept voice calls – has also raised serious questions about the security of SMS verification systems used by online banking and email services.

“Verification by SMS message is useless against a determined hacker with access to the SS7 portal because they can intercept and use the SMS code before it gets to the bank customer. The same technique can also be used to take over someone’s email account,” 60 Minutes reporter Ross Coulthart told Computer Weekly.

Hacker Tobias Engel first warned of the vulnerabilities in SS7 at a Chaos Computer Club conference in Germany in December 2014.

The problem arises because international agreements require all telecommunications providers to provide details of their subscribers through the SS7 system to another provider on request, including the name and contact details of the subscriber, as well as, crucially, the location of the nearest mobile phone tower.

Intercepting phone calls

A hacker with access to the SS7 system can use this information to listen in to any mobile phone conversation by forwarding all calls to an online recording device and then re-routing the call back to its intended recipient – a so-called man-in-the-middle attack. It also allows the movements of a mobile phone user to be tracked on applications such as Google Maps.

Telecommunications security specialist Peter Cox told Computer Weekly that the ability of hackers or spies to use SS7 protocol to listen in to communications could have potentially serious consequences for individuals and businesses.

“People can be making very confidential business calls, discussing mergers and acquisitions. If information leaks out through this vulnerability, the company making this call can be liable for compliance breaches,” said Cox, founder and CEO of UMLabs.

It has long been speculated in security industry circles that the reason why countries such as the UK, US and Australia have not rushed to ensure the SS7 vulnerability is fixed is because the location-tracking and call-bugging capacity has been widely exploited by intelligence services for espionage.

Cox said SS7 has been in use for such a long time and is such an established telecommunications protocol that, even if there was the political will, securing SS7 would be fraught with difficulties.

“Users should consider alternatives, such as using voice over IP services with encryption, and should recognise if you are using a mobile phone, you are on a public network, and all the security vulnerabilities that you apply to data should apply to voice calls,” he said.

60 Minutes will be broadcast on 16 August 2015.

Read more on IT suppliers