If you’re feeling like the only way to keep your personal details private at this point is to curl up in a hole with a flip phone, you’re not going to like this. The Washington Post is reporting that German researchers have discovered major security flaws in SS7, the global cellular network designed in the 1980s that routes phone calls and texts.
The findings will be presented at a conference in Hamburg later this month by Tobias Engel, the founder of Sternraute, and Karsten Nohl, the chief scientist for Security Research Labs. The two each found the vulnerabilities during seperate research. The flaws are the latest and most damning assessment of SS7’s security status. The Post explains that weak points mainly exist in nonessential but important features like those that allow a moving phone to switch from one cell tower to another without losing a call. Spies and hackers alike could be exploting the vulnerabilities to listen in on or record billions of calls and text messages.
Even though carriers have spent a lot to upgrade their data infrastructures to 3G and 4G and make everything more secure, they still have to use SS7 to enable inter-carrier data exchange. If I have AT&T and you have Verizon and we call each other, we’re exposed. The Post also points out that hackers could use any SS7-enabled carrier (basically all of them) anywhere in the world to hack other networks. “It’s like you secure the front door of the house, but the back door is wide open,” Engel said. “I doubt we are the first ones in the world who realize how open the SS7 network is.”
Government intelligence agencies around the world likely know about and even use the SS7 vulnerabilities, though the research didn’t find specific evidence of this. And it’s not clear how widely the flaws have been exploited, if at all, by other criminals and malicious hackers.
Engel and Nohl say there are two approaches to exploiting the vulnerabilities. Hackers can either forward calls to themselves before sending them on to the intended recipient, or locally they could pick up all the texts and calls going through the airwaves using a radio antenna and then use SS7 to request temporary encryption keys from carriers to unlock the data. The latter technique would allow hackers to get around even strong encryption on 3G networks.
Between the Sony Pictures hack and the ICANN intrusion (not to mention revelations about NSA surveillance last year), it’s starting to seem like we need completely new approaches to large-scale digital security. But perhaps it has more to do with a change in mindset. “Spend[ing] in cyber security is expanding rapidly, as is the realization that relying on a single solution to protect … networks and information isn’t enough,” said Jay Kaplan, the CEO of enterprise cybersecurity firm Synack. “Security is a puzzle with many intricate pieces—there isn’t a silver bullet.”