Hackers Can Spy on Every Mobile

Uploaded on 2015-09-23 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

 SMSInterception.pngFlaws in SS7 networks  allow hackers to snoop, re-route calls and read text messages.

There is a security hole in modern telecommunication systems that could be exploited by cyber criminals to listen in on phone conversations and read text messages. German hackers, based in Berlin, were able to intercept data and geo-track every mobile user by exploiting a flaw in the SS7 signaling system.

 

SS7 is a set of protocols used in telecommunications ever since the late 1970s, enabling smooth transportation of data without any breaches.

The SS7 protocol allows cell phone carriers to collect location data related to the user’s device from cell phone towers and share it with other carriers, this means that exploiting the SS7 a carrier is able to discover the position of its customer everywhere he is.
“The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes, such as keeping calls connected as users speed down highways, switching from cell tower to cell tower, that hackers can repurpose for surveillance because of the lax security on the network.” reports The Washington Post.
In the hacking community is known the existence of several techniques that hackers and snoopers can make use of, in order to eavesdrop and intercept phone calls or written text messages. In December 2014, German researchers have placed the matter to the public for consideration at the Chaos Communication Hacker Congress, since there can be a great many problems emerging.

Carriers of mobile telephony spend large amounts of money towards expanding their network and securing the conditions of communication with 3G and high-end encryption. To quote Tobias Engel, one of the German researchers mentioned above,
“It’s like you secure the front door of the house, but the back door is wide open”.
One of the major incidents registered by NKRZI (which is the National Commission for the State Regulation of Communications and Information in Ukraine) involved Russian addresses back in April 2014.

The expert noticed that many Ukrainian users of mobile phones have been affected by the notorious SS7 packets that is possibly derived from Russia. As a result, the mobile phone holders were intercepted of their address details and everything that was stored inside each phone. MTS Ukraine obviously participated in the interception, in relation to MTS Russia. As a direct consequence of security breaches related to SS7 protocols of telecommunication, the eminent threat is that of surveillance taking place between countries.

The system is being used by several major  providers, meaning  that data could easily be exposed to hackers. Names, addresses, bank account details and medical data stolen due to a security vulnerability that could give hackers the access to their mobile devices.

Unfortunately, the vulnerabilities into SS7 protocol will continue to be present, even as cellular carriers upgrade to advanced 3G technology to avoid eavesdropping.

Cyber Defense

 

« India and US Cyber Agree Security Pact to Combat Crime
Google's Self-driving Car Push Spurs Hiring Spree »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

iXsystems

iXsystems

iXsystems is a leader in Open-Source enterprise server and storage solutions including Backup & Recovery to protect critical data.

Radware

Radware

Radware is a global leader of application delivery and cyber security solutions for virtual, cloud and software defined data centers.

Trustwave

Trustwave

Trustwave is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security.

CYBERPOL

CYBERPOL

CYBERPOL is the leading Public Utility Agency for investigating cyber crimes and cyber attacks by criminals, international adversaries.

Proteus

Proteus

Proteus is an Information Security consulting firm specialized in Risk Analysis and Executive Control.

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC) is a government body providing support for ICT related activities including formulating national ICT strategy and policy.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

ToucanX

ToucanX

ToucanX has eliminated remote attack vectors without sacrificing productivity. We’ve brought embedded near real time virtualization to the enterprise endpoint.

MindWise

MindWise

MindWise is a comprehensive global threat monitoring solution with implementations for fraud prevention and enterprise threat intelligence.

CyXcel

CyXcel

CyXcel is a cyber security consulting business grounded in the law which natively fuses crises, legal, technical, and consulting expertise digital networks, information and operational technology.

Advanced IT

Advanced IT

Reliable managed IT Security & support services that will help you take your business operations to the next level without breaking the bank!

LT Harper

LT Harper

LT Harper specialise in cyber security recruitment. We believe in providing an individualised service to our customers whether they are looking for a new opportunity or to hire talent.

CoinCover

CoinCover

Blockchain technology is changing everything. However, it brings its own set of unique risks. Coincover ensures everyone is protected, enabling them to innovate freely, without constraints.

Maveris

Maveris

Maveris is an IT and cybersecurity company committed to helping organizations create secure digital solutions to accelerate their mission.

Blind Insight

Blind Insight

Field-level searchable encryption plus fine-grained programmable access controls. All wrapped neatly in developer-friendly APIs and SDKs. Data protection perfection.

TrustNet

TrustNet

TrustNet helps mid-to-large firms build trust through top-tier cybersecurity, compliance, and consulting—offering complete managed services all in one place.