Security researchers found out a critical security flaw that can make the cyber-criminals read private SMS and listen to the phone calls on a huge scale even if cellular networks utilize the current and advanced encryption technology available today.
This serious flaw lies with the Signaling System 7 or global telecom network that holds the multiple phone carriers around the globe, which includes Verizon and AT&T that can route their texts, calls and other services with one another.
This weakness is discovered by German researchers, who are about to present their judgment at the ‘Hacker Conference in Hamburg’ later this December.
According to Washington Post, which have first revealed the flaws in the system early this year, “Experts say it’s increasingly clear that SS7, first designed in 1980’s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.
The number of security flaws in Signaling System 7 or SS7
SS7 is the protocol suite utilized by most of the telecommunication operators around the globe to enable communication when calls, text and internet data are directed.
SS7 will permit the phone carriers to gather location information from cell towers and share it with one another. USA carrier can find their customers even if they travel out of the country.
Security researchers said that the “outdated infrastructure of the SS7 makes it easier for cyber-criminals to hack”, since they are loaded with critical security vulnerabilities that will lead to a bigger invasions of privacy from billions of cellphone users around the world.
According to the report, “The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower that hackers can repurpose for surveillance because of the lax security on the network.”
Backdoor Open for Hackers
The range of flaws that are browbeaten by the cyber-criminals are not yet revealed, however it is assumed that by using the flaws, hackers could redirect or locate users calls to themselves and even anywhere around the globe before it is being forwarded to the intended receiver. The calls can be listened while it is happening and could record numerous encrypted texts and calls at the time of later decryption.
It doesn’t matter how strong and high technology encryption those carriers are using, as long as they are under the SS7 for sending data through networks, they are still open for these hackers. For example, the Verizon and AAT&T that are using 3G and 4G networks for their text messages and calls, and texts that are sent from people in the same network.
To add more, using SS7 protocol can create a possible deceived users and cell carriers, the researchers said.
American Civil Liberties Union or ACLU warned people not to use telephone services in light of these breaches. According to technologist Christopher Soghoian to Gizmodo, “Don’t use the telephone service provided by the phone company for voice. The voice channel they offer is not secure.” He added that “If you want to make phone calls to loved ones or colleagues and you want them to be secure, use third party tools. You can use FaceTime, which is built into any iPhone, or Signal, which you can download from the app store. These allow you to have secure communication on an insecure channel.”
Soghoian believes that the security agencies such as United States NSA and British security agency GCHQ are using these flaws. “Many big intelligence agencies probably have teams that do nothing but SS7 research and exploitation. They’ve like sat on these things and quietly exploited team,” he added.
Nevertheless, these poor security abilities of SS7 protocol is not a secret to the public and it is not all new. People in today’s generation wanted to know how much is the extent of this threat since it makes them worried about the consequences.