Hackers Can Read Your Texts Thanks to Huge Security Flaw


The global telecom network Signaling System 7 helps phone carriers across the world, including AT&T and Verizon, route calls and texts. It's also apparently perforated with security holes that let hackers and spies listen to your calls and read your texts. It's so bad the ACLU's chief technologist told me that people worried about being snooped on should just not use their cell phone to make calls. Privacy: Remember that?


German researchers discovered that SS7's outdated infrastructure makes it easy as hell to hack, which can lead to huge invasions of privacy, the Washington Post has reported. Researchers will present their findings later this month at a conference in Hamburg. From the Post:

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.

Carriers like AT&T and Verizon use 3G and 4G networks for calls, messages, and texts sent from people within the same network, but they still need to use old, crappy, insecure SS7 when they send data across networks. This means tracing your phone and what you do on it is alarmingly simple for people in the know:

Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.

SS7's overall security suckiness isn't a secret, though this new research should draw attention to how important it is to overhaul the system. In August, the Post published a story highlighting how companies are already building surveillance systems capable of stealth tracking using loopholes in SS7—and they're selling these systems to governments and private groups.

One of the companies, Verint, boasts about servicing over 10,000 clients on its website. Not mentioned: How many people these clients violated.


So what can you do to avoid getting hacked or spied on by people exploiting the vulnerabilities of SS7? I asked the ACLU's principal technologist Christopher Soghoian:

"Don't use the telephone service provided by the phone company for voice. The voice channel they offer is not secure," he told me. "If you want to make phone calls to loved ones or colleagues and you want them to be secure, use third-party tools. You can use FaceTime, which is built into any iPhone, or Signal, which you can download from the app store. These allow you to have secure communication on an insecure channel." For texts, using third parties that provide end-to-end encryption also seals off your messages from SS7 exploits.


So basically, your only line of defence is to not use your phone as a goddamn phone. It's an imperfect solution, to put it mildly, to a problem that will persist as long as this insecure system remains outdated. More than one thing is rotten in the state of telecom, but this crumbling global infrastructure is practically putrid. [The Washington Post]

Image via Shutterstock / Getty



Well, where do we start. When SS7 was designed the telco universe was much regulated, access to their networks was very restricted. And most importantly, signaling was carried out of band, away from the content (speech). There were others, like R2, R5, that worked in-band (no SS6 and SS5 as the WP notes) but let's stick to SS7.

SS7 at this time was secure as you could not easily access the signaling information. Things changed when there came SS7 over IP, it was now in the internet. Also deregulation etc. opened the doors that companies offered gateways to the SS7 networks of the world. You mentioned Verint, formerly known as Comverse.

To keep up with newer functions, handling mobile networks etc. SS7 needed to grow, respectively evolve. Much the same way as an insecure TCP/UDP grew and added overhead over overhead. Global Title Translation, GTT, is required for Intelligent Network functions and much of the Mobile Network tasks.

Through the GTT you could control (to a certain extent) the access to your network, so basically keep things out. I guess carriers did not do their homework there.

What I found very amusing on this piece is the statement of the ACLU gentleman: Use Apps to do your communication... Well yes, then at least you are sure who's got your data and goes shopping with it.

The guy says "Stop using the phone" and you are writing this on the internet which is, as we know, the safest and most secure place besides a bank vault....