Alarming Security Defects in SS7, the Global Cellular Network—and How to Fix Them

The global network that transfers calls between mobile phone carriers has security defects that permit hackers and governments to monitor users’ locations and eavesdrop on conversations. As more reports of these activities surface, carriers are scrambling to protect customers from a few specific types of attacks.

The network, called Signaling System 7, or SS7, is a digital signaling protocol that mobile phone carriers including AT&T, T-Mobile, and Sprint use to send messages to each other about who is a subscriber, where subscribers are located, and how calls should be routed to reach them.

SS7 began as a closed network shared among a few major mobile phone carriers, but grew porous as more carriers joined. Hackers and governments can now gain access by purchasing rights from a carrier (which many are willing to provide for the right price) or infiltrating computers that already have permission.

Once they’re in, hackers and government intelligence agencies have found ways to exploit security defects to monitor users or record calls. Experts who study SS7 have found some individuals are tracked by as many as nine entities at once. While the average citizen isn’t likely to be a target, it’s impossible for consumers to know whether or not they’re being watched.

The problem

The sheer scale of SS7 means that these flaws present a massive cybersecurity problem that could theoretically affect any mobile phone user in the world. “Technically speaking, more people use the SS7 than use the Internet,” says Cathal McDaid, chief intelligence officer at network security firm AdaptiveMobile. “It’s the majority of the world’s population.”

To inspire a solution, Karsten Nohl, a computer scientist at Security Research Labs in Berlin, has exposed several methods through which governments and hackers could conduct surveillance and monitor calls using SS7. He recently appeared on 60 Minutes to show that he could hack a cellphone provided to U.S. congressman Ted Lieu using only Lieu’s phone number (Lieu agreed to participate in the demonstration). It’s a stunt Nohl had executed before, once hacking a German senator’s phone.

In an interview with IEEE Spectrum, Nohl describes a few ways that hackers and governments that have gained access to SS7 can manipulate the network to listen to calls or track users...


No comments:

Post a Comment