Cellular Network Vulnerability Discovered Leaves Your Phone Calls Ripe For Snooping

Another day, another security revelation. This time, it comes from researchers in Germany, who've exposed some serious vulnerabilities in the SS7 set of protocols that cellular carriers use to perform many basic functions. At the core, SS7 (or signaling system #7) is used to keep people connected, moving them from tower to tower when necessary, but it's also used for services like call forwarding and SMS.

After the NSA's dastardly deeds were exposed last summer by Edward Snowden, Germany has been at the top of its game to keep track of how communications are handled, and monitored. You see, it doesn't matter that a mobile carrier can promise to keep our communications secure - when those communications are required to go through a highly vulnerable hand-shaking network, it's akin to locking your front door but leaving the back door unlocked, says one of the researchers, Tobias Engel.

Cellular Tower Flickr Carl Lender
Flickr: Carl Lender

It might be easy to brush these vulnerabilities off as minor, but they're really not. At the very least, anyone exploiting SS7 could read your text messages, or go a bit further and set up a forward without you knowing about it. That in effect means that whenever you take a call, it could be forwarded elsewhere for eavesdropping purposes. If that wasn't enough, someone could even record entire conversations, then save them locally for later decryption.

In the event that a network does offer decent encryption for calls or texts, it's noted that one other SS7 command could be used to request that the network release the temporary encryption key. After researchers went to Vodafone with their findings, the company immediately began blocking that particular command from working.

Signaling System 7
Signaling System 7 Diagram

Here’s another scary thought: an alternative snooping scheme would involve you planting yourself in the middle of a busy area and then make use of a radio antenna to grab anything and everything from the air. If needed, you could issue SS7 commands on-the-fly, gaining access quickly to the communications of those around you. Researchers stress that these breaches of security are not difficult to pull off; it's as simple as pushing a button.

To prove just how severe the issue is, the researchers proved the SMS vulnerability to one German senator. He said that after the revelations that stemmed from Snowden, such a weakness comes as no surprise. He does have one immediate solution, though: "When I really need a confidential conversation, I use a fixed-line."

But, even that is not bulletproof. Perhaps the safest method of communication anyone can have today is through end-to-end encrypted VOIP. Of course, that's not always an option. Given the vast scope of the issues, these SS7 issues likely won't be dealt with right away. In time, the entire system will be overhauled, but until then, many of the vulnerabilities will remain.