Modern field guide to security and privacy

Network flaws expose cellphones to state surveillance

An Irish mobile security firm detected sophisticated systems designed to tap into the backbone of the global cellphone networks and surveil calls, texts, and location data. 


Security flaws in networks that route cellphone calls and text messages around the world are leaving billions of cellphone users vulnerable to surveillance, according to an Irish cybersecurity firm.

The firm Adaptive Mobile has detected at least four sophisticated computer systems that have tapped into the Signaling System 7 (SS7) network, a fundamental part of the mobile communications infrastructure, to eavesdrop on callers' conversations, texts, and location data.

While attacks on SS7 have been spotted by other security researchers in the past, Adaptive Mobile says the advanced nature of the machines it detected infiltrating SS7 suggests nation-states are eavesdropping on sections of the global mobile network.

"We see a lot of tracking systems, but these systems are really at the pinnacle of the technology," said Cathal McDaid, head of Adaptive Mobile’s threat intelligence unit. "These are platforms in place around the world that are doing sophisticated operations to track people around the world in a way that can bypass mobile defenses."

Mr. McDaid said the technically advanced nature of the surveillance systems his firm detected on the SS7 network suggests "these platforms must have had a considerable amount of investment behind them to make them as sophisticated as they are."

The systems that Adaptive discovered appear to be designed to capture billions of gigabytes of location data to perform surveillance on specific intelligence targets, potentially giving spy agencies a detailed view into their targets without their knowledge.

The nefarious systems detected by the firm are located in Western Europe, the Middle East, and North Africa. But so far, the firm detected only a handful of cellphone users who were targeted by such surveillance practices, suggesting the SS7 breaches could have been part of a targeted surveillance campaign.   

Though Adaptive does not point to specific countries or companies involved in the mobile snooping, similar activity has been reported in Ukraine, where investigators spotted mobile users getting hit with suspicious SS7 attacks over a three-day period in April 2014 – allowing Russian network providers to potentially snap up calls and location data.

Since most SS7 networks are closed systems and not connected to the open Internet, it had been traditionally difficult to get inside the network without access to high-grade telecommunications equipment and the proper permits. But that has changed in recent years as businesses are now reselling access to the mobile backbone.

"There are a lot of websites that we see nowadays that offer SS7 access," says Hassan Mourad, a mobile security researcher and senior advisor at an Egyptian telecommunications company. "You give them the number you want to track and they will point you to the location of the subscriber."

But Mr. Mourad says he’s never before seen multiple surveillance systems that can track the same user, such as those discovered by Adaptive, which will present its research Tuesday at the Mobile World Congress in Barcelona. 

Adopted in the 1980s as a closed network with connecting nodes controlled by phone carriers and national operators, SS7 directs mobile traffic from cellphone towers to the Internet. Even though thousands of companies have access to SS7 and can legally share it with third parties, security experts say that SS7 has few internal security mechanisms.

In 2014, German researchers found that hackers could exploit SS7 functions that maintain call connections by switching between cell towers to listen to calls or steal text messages – even those that are end-to-end encrypted. Broken encryption protocols between radio networks and callers could also allow hackers to break into SS7 using interception equipment.

The report from Adaptive Mobile has identified several computers involved in carrying out attacks around the world aimed at tracking users and nabbing location data.

"You can steal cell IDs that can tell you where someone is," said Adaptive's McDaid. "With call interception, you can simply disable [a victim’s] IP connectivity to disable encrypted apps. You can intercept phone calls and text messages."

By analyzing network traffic made available to Adaptive Mobile by telecommunications providers, McDaid and his team detected systems on SS7 that are responsible for location tracking, denial-of-service attacks, call interception, and attacks that are designed to steal cellphone users' encryption keys.

In most cases, said McDaid, the victims of these kinds of attacks would have no idea their phones are being tracked or hacked into.  

 
