Your phone calls, text messages, and location information can be easily intercepted by hackers, researchers claim. Speaking on Australia’s 60 Minutes show, researchers demonstrated how easy it is to record one’s mobile phone conversations and track location information.
The researchers claim the vulnerabilities are caused because of a signalling flaw in SS7, the protocol that enables phone operators to communicate with each other. An attacker can exploit this flaw and forward all calls to an online recording device, and then re-route the call back to its intended recipient. The recipients could not tell if their calls are being tampered with; and an attacker could pull off this attack without being nearby to the victim.
Besides being able to record a call, an attacker can also tap into on applications such as Google Maps. The re-routing also lets an attacker check your texts, and exploit different SMS verification systems by seeing the text before you. “Verification by SMS message is useless against a determined hacker with access to the SS7 portal because they can intercept and use the SMS code before it gets to the bank customer,” the report said.
The comforting part of the story is that the German hackers who demonstrated the vulnerability and exploited it, have legal access to SS7 by their local government. They are helping the government to patch this security hole, and enhance the overall security. In the demonstration, the German hackers were able to intercept a mobile conversation between Australian senator Nick Xenophon and Ross Coulthard, the host of the show.
“This is actually quite shocking because it affects everyone. It means anyone with a mobile phone can be hacked, can be bugged, can be harassed.” said Xenophon. “The implications are enormous and what we find shocking is that the security services, the intelligence services, they know about this vulnerability.”
A hacker doesn’t even need to know your phone number to eavesdrop on your conversations and spy on other data. Using physical devices like IMSI-catcher, a hacker is able to reroute your calls while intercepting the data. IMSI-catcher is illegal to use, but it is still spotted everywhere. Coulthard spoke to various authority figures and representatives of several concerned parties to get them to confess on camera that these IMSI-catcher devices are widely spotted in use in Australia.
Why should you care? It isn’t like this is the first time we’re learning about our phone calls getting intercepted. Edward Snowden’s infamous revelations of government-run spying programs like Prism have already made the world aware of such activities. What makes the aforementioned attacks so threatening is the fact that they are not run by governments. Any vicious mind out there could be tapping on your phone conversations and texts. And as of now, there is nothing much that can be done about it, until mobile network operators worldwide agree to fix their communication protocols.