A dangerous vulnerability is discovered that allows eavesdropping of cell phone calls from anywhere in the world

ByWorld Bank Photo Collection

Smartphones and mobile phones are used frequently to say "there is no day to use", but at a hacker conference held in Hamburg in December 2014, we are using mobile phone carriers all over the world to talk, to send and receive text etc. Global network used "Common line signal No. 7(SS7) "reported a serious vulnerability. By using this vulnerability by hackers it is pointed out that the risk of eavesdropping on the telephone and text contents of billions of mobile phone users all over the world.

German researchers discover a flaw that could let any anything listen to your cell calls. - The Washington Post
http://www.washingtonpost.com/blogs/the-switch/wp/2014/12/18/german-researchers-discover-a-flaw-that-could-let-anyone-listen-to-your-cell-calls-and-read-your-texts/


According to the contents reported at the hacker conference, if you are proficient in the functional aspect of SS7, you can wiretapping mobile phones anywhere in the world, record millions of call details and text It is reported that it can also be deciphered later.

Also, there are similar vulnerabilities in 3G lines, where carriers around the world are investing billions of dollars to upgrade. Since SS7 is used for the majority of carriers all over the world, even some carriers who are trying to shift the communication network other than SS7 to improve security still have to use SS7 for mutual communication Hmm. This means that you can hack into distant America or Europe, for example using the Congo Republic or Kazakhstan career line.

ByJm3 on Flickr

The reason for discovering the vulnerability of SS7 is that of researcher Tobias Engel andSecurity Research LabsTwo of Mr. Karsten Nol, the chief scientist of the company. These systems are NSA andBritish Government Communications Headquarters(GCHQ), it is thought that it is used in intelligence agencies such as the investigation, the survey said that the history of purchasing the system by the government could not be found. Although no evidence was found,The American Free Human Rights AssociationChristopher Soghoan, an engineer at the ACLU, said, "All the world's leading intelligence agencies have SS7 specialized research and development teams."

There are two ways to eavesdrop on the phone due to the vulnerability discovered. One is to take over the "transfer function" of the cellular phone through SS7, and secretly transferring the contents of the call secretly enables you to listen and record. If the system is built, hackers can steal all target calls anywhere in the world.

The other is to collect encrypted call / text data on the 3G network passing through the radio tower. Regarding cryptography, temporary encryption keys that callers receive from their carriers can be obtained via SS 7, but although they require physical access to the radio towers, they can be developed far more widely than with the first method. Mr. Norr has already succeeded in demonstrating the collection and deciphering of text messages using this technology. A German senator who cooperated in this research said, "When I really need talks, I am using a fixed line."

ByLucas

As for hacker's unauthorized decryption request, you can protect on the carrier side, and German Vodafone has already begun blocking illegal requests. Also, Mr. Engel and Mr. Norre also reported how to track the location information of callers through SS7, but I also know that some carriers blocked specific request for location information. Eavesdropping etc. is an act contrary to law in many countries, but it is also possible to provide location information of callers and call contents at the request of the government etc.