On Saturday morning, an unusual report came from Sydney. The report contained some scary information especially for people who are very much concerned about their mobile phone privacy. Some researchers from Germany have exposed a big security fault on the SS7 network. The mobile carriers across the world use this network for sending contents like texts, voice and others. According to this report, hackers can use this fault to intercept text messages and voice calls even if they are encrypted.
SS7 network loophole
By the end of December, a hacker conference will be held in Hamburg where these researchers are planning to make this report public. It was 1980s when the SS7 network was built, and no one at that time could foresee cellular communications developing to this level. According to the Germans that were working on this study, the network has very little security. This gives hackers the good chance to do their job when calls are moving between different cell towers.
Almost all carriers are spending lots of money to make their networks as secure as possible; however, they still need to use the SS7 pipeline especially for calls and texts between different carriers. There are two ways that allow hackers to listen in on voice calls, and researchers have discovered that. The first way is about taking over the “call forwarding” function of a mobile phone. That allows the hacker to redirect the call to his phone for recording or real-time eavesdropping. From there the call will be sent to the actual recipient, and the hacker will be listening or recording the voice. The second way involves the use of an antenna which helps the hacker to catch all texts and calls being sent through waves. The hackers can record them, and they can get temporary encryption key on request from the respective carrier. With the key, they can break the code of recordings.
Response from mobile carriers
More than 20 global carriers including the US based T-Mobile have conducted different tests that prove SS7 networks are vulnerable to hacking. T-Mobile was quick to responding to this news. The company gave a statement assuring that it is aware of all the problems, and that it is taking all necessary steps involving standard bodies, vendors and mobile operators to find and block all such threats. End-to-end encryption is one way how some messaging apps are working around with their normal text communication. This is the major reason why WhatsApp and Apple’s iMessage are safe from hackers who can take advantage of SS7 network.
During the summer of 2013, the secret activity of NSA collecting metadata was leaked out. It was reported the metadata could give NSA key information like time of the call, duration & location of the call and the unique serial number of the phone. Every mobile user started to believe that NSA is spying on him. Another incident of hacking that alarmed the people was not about mobile communications rather it was the hacking of Sony Pictures.
Senator Mazzombek’s view
The researchers used the mobile phone of German Senator Thomas Jarzombek with his permission for the purpose of testing. Like many other people Senator Jarzombek also expressed his desire for complete privacy on the phone. According to him, nobody can believe that it is possible for him to have a fully private communication on the phone. He uses a fixed-line phone whenever he wants to have a secure communication with someone.