German researchers have discovered that technology from the 1980s can be used by hackers anywhere in the world to spy on your phone calls and text messages.
The Signaling System 7 (SS7) network, which is still in use today, could allow hackers using an African or Asian network, for example, to hack into a US or UK-based mobile.
SS7 utilizes a series of protocols to enable mobile network carriers to route calls, texts and similar services to each other. However, security researchers Tobias Engel of Sternraute and Karsten Nohl, chief scientist for Security Research Labs, have discovered a number of security flaws in the network.
Even mobile networks using the most advanced encryption available are at risk, as they must communicate over SS7, enabling hackers to locate callers, listen to calls or record encrypted conversations for use at a later date.
"It’s like you secure the front door of the house, but the back door is wide open", Tobias Engel, told the Washington Post.
Earlier in the year, it was reported that a number of nations across the world had purchased surveillance systems that utilize the SS7 network in order to track key targets. However, there is nothing to prevent criminals from adopting a similar approach.
There are two primary methods used to intercept phone calls over the SS7 network. The first sees attackers hijack a phone’s forwarding function, redirecting calls to themselves before sending them onto the intended recipient. This means hackers can listen in on conversations from anywhere in the world.
The second method uses radio antennas to collect all calls and texts in the area, with hackers even able to request a temporary encryption key through the SS7 network, if any information has additional security. This technique requires the attackers to be nearer to their victims, but also allows them to target many more individuals.
The German researchers who discovered the security flaw are expected to reveal the full extent of their findings at the Chaos Communication Congress in Hamburg later this week.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.