There was a recent television segment ran on the 60 Minutes television show that may have had some people ready to switch off their mobile phones for good! A team of German hackers ran a demonstration, with the cooperation of U.S. Congressman Ted Lieu, they followed him through Los Angeles using his smartphone while also recording his phone calls. We already have concerns about how much the government can monitor us, but now we have to worry about hackers tracking and recording us?
So why is this happening? Hackers used an already existing flaw in old technology, SS7 or Signaling System Seven. All hackers would need is an active phone number of the victim they wanted to monitor, and then they could track their movements in live time, listen in and record cell phone calls and text messages.
So what is Signaling System Seven and why if everyone is aware of it hasn’t it been fixed already? SS7 is a telephone signaling protocol which is used throughout the world by over 800 telecommunications companies. SS7 is used by phone companies to enable cross-carrier billing, exchange information, and data, allow roaming and a variety of other features.
To prove just how vulnerable users were because of the flaws in SS7 Karsten Nohl of German Security Research Labs, with U.S. Congressman Ted Lieu's permission setup a small exercise. They monitored his movements across the city of Los Angeles, listened in and recorded his smartphone calls as he spoke to a variety of different people and also copied and recorded any text messages he sent.
The biggest revelation to come from this latest exercise is that the security flaws in Signaling System Seven have been known by hackers since at least 2014, where they were openly discussed at hackers and computer security meeting. Some flaws in SS7 were patched, but the largest flaws are essentially still available to be exploited by whoever has the knowledge needed to exploit them. SS7 has been upgraded over the years to help rising numbers of clients and service providers accommodate the much larger numbers of text messages and phone calls being made across networks. The biggest problem was that these upgrades didn’t include security upgrades such as monitoring devices or firewalls to prevent people listening or looking in.
Major concerns have been raised since the show was broadcast, with fears rising over hackers potentially obtaining information to blackmail victims, impact national security, rogue employees of telecommunications companies having access to client’s information and also how law enforcement and the government is utilizing this crack in SS7’s security.
The flaw in SS7 affects all phones, not just one brand in particular. If you are using an iOS or Android-style operating system, they all have the potential to have calls intercepted and recorded, text messages intercepted and locations tracked and determined.
The good news is that this hack or flaw in security doesn’t affect a lot of the newer models of smartphones available. The better security encryption your phone has, the better it will be protected against the flaw. By using the secure data apps, you can also prevent any chance of your information being intercepted. The hack or flaw in SS7 also doesn’t affect any data such as photos, videos or emails that you have currently stored on your device; it only catches data as its being transmitted.
So what can you do to avoid this flaw or hack in SS7?
The best way for users to avoid any risk of this is to avoid the digital communication apps which are available on their smartphones. Communication apps like Apple’s iMessage, Signal, and WhatsApp all use the latest end-to-end digital encryption on all of their messaging and voice calls.
The biggest vulnerability with smartphones is that they still utilize the same calling and basic text messaging systems that were put in place in the beginning. The newer digital calling and messaging apps utilize modern encryption along with complete end-to-end digital protection. This means from one end of the call to the other; both users have safe digital encryption.