- The Washington Times - Monday, August 17, 2015

The world’s telecommunications system is still vulnerable and can be exploited in order to spy on cellphone calls and text messages anywhere on Earth, hackers warn.

Flaws concerning SS7, or Signaling System 7 — the architecture that enables telecoms to route communications between carriers — aren’t exactly new. Hackers have been warning of vulnerabilities within the system as early as 2008, and research revealed at a German conference in December renewed concerns about how easily the underlying protocols could be abused.

But the issue was again brought to the forefront this weekend by Australia’s “60 Minutes” television program, which aired a segment on hackers demonstrating how they were able to intercept voice calls and SMS messages from the other side of the globe by exploiting flaws within SS7.

“This is actually quite shocking because it affects everyone,” Nick Xenophon, an independent Australian senator, told 60 Minutes. “It means anyone with a mobile phone can be hacked, can be bugged, can be harassed.”

During the segment, host Ross Coulthart dialed Mr. Xenophon from thousands of miles away and then exchanged text messages. All the while, hackers in Germany who were given access to the SS7 architecture for the sake of demonstrating the vulnerabilities successfully eavesdropped on the conversation.



Roughly 7 billion mobile phones rely on SS7 to route calls, Mr. Coulthart reported, and access to the architecture is meant to be restricted to the roughly 800 telecoms across 200-plus countries which are registered to provide cell service through the Groupe Speciale Mobile Association (GSMA), an international trade group.

Yet many of those companies operate within hostile, war-torn nations where security is lacking, he added, raising concerns that terrorist or criminal groups may access the system and exploit the same vulnerabilities spotted by the hackers.

GSMA officials acknowledged problems with network security when questioned by The Washington Post last August, and said at the time that an increasing number of issues was behind a decision to replace SS7 during the course of the next decade. A year later, however, hackers say serious and still-unpatched vulnerabilities make the system as exploitable as ever.

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.

 

Click to Read More and View Comments

Click to Hide