Hackers can eavesdrop on your phone calls and text messages even with cell networks using “the most advanced encryption available” according to The Washington Post.
German researchers discovered that Signal System 7 (SS7), the global network that lets the world’s cellular carriers route calls and texts around the world, has “serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.” The Daily Mail lists AT&T and Verizon as amongst the carriers affected.
The specific flaws to SS7 uncovered by the researchers relates to functionality built into the system to allow users to switch between cell towers when traveling, but hackers can exploit this to eavesdrop because of the limited security precautions in place.
According to The Washington Post, these exploits can “locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption.” There are two distinct techniques which could be used by hackers. The first involves sending commands over SS7 which hijack a phone’s ‘forwarding’ function, redirecting it to themselves and then on to the intended recipient.
While the first exploit could be executed from anywhere in the world, the second requites geographical proximity. Using radio antennae, hackers would collect all the calls and texts passing through the airwaves in a given area.
The lack of security in voice and text messaging is exposed at a time when cellular carriers continue to invest billions of dollars on enhancing the security and performance of 3G – an irony not lost on Tobias Engel, one of the researchers who quipped, “It’s like you secure the front door of the house, but the back door is wide open.”
Speaking to Gizmodo, Christopher Soghoian, the principle technologist of the ACLU, recommended avoiding cellphones for private conversations until such a time that the security issues are dealt with, saying: “If you want to make phone calls to loved ones or colleagues and you want them to be secure, use third-party tools. You can use FaceTime, which is built into any iPhone, or Signal, which you can download from the app store. These allow you to have secure communication on an insecure channel.”
The researchers will be presenting their findings to a hacker conference in Hamburg later this month.