In 2013, alongside reports on the National Security Agency’s spying program that had raised the hackles of privacy advocates, the British intelligence agency GHCQ was also discovered to have breached the routers and mobile roaming traffic of Belgacom, a Belgian telecommunications service provider.
The incident has led Stephen Kho and Rob Kuiters, security experts from Netherlands-based telecom provider KPN, to perform a test on the level of vulnerability of the GPRS Roaming Exchange network, carrier of roaming traffic comprising of hundreds of mobile networks across the world. The researchers found out that the GRX network has been exposed to attacks.
GRX providers serve to connect mobile operators worldwide to their roaming partners from the other part of the world. It is almost impossible for a roaming traffic, regardless of location, not to pass through the GRX network. So the GHCQ spying scandal brought to light the magnitude of private traffic information viewed by the British agency.
Kho and Kuiters worked to find out the ways to penetrate into the global GRX infrastructure from a remote computer while bypassing the station of network engineers, a task that turned out to be rather as simple as reciting the alphabet. Part also of the hacking test is to determine the types of data that might be exposed to malicious attackers and snoopers.
The researchers found that 13 percent of the live GRX hosts that they have successfully identified were readily exposed to anyone who will try to access it from the Internet using the tools that they employed but did not publicly reveal. It shows the lack of strong measure to bolster the supposed private networks.
Those hosts were also responsible for the vulnerabilities that affected various services such as the GPRS Tunneling Protocol, Network Management Protocol, Server Message Block, Hypertext Transfer Protocol, Transfer Protocol, Simple Mail Transfer Protocol, and Domain Name System.
Part of what contributes to their vulnerabilities is the old software whose remote code execution has been rendered defenseless out of the lack of security updates.
And like I’ve said above, it so easily done. Hackers do not need to purchase zero-day exploits to gain access to the GRX infrastructure.
Some of the critical information potentially susceptible to this hack includes session identifiers, credentials, URLs, files, mobile device type, mobile network code, mobile country code, cell identifiers, International Mobile Subscriber Identity code and location area code.
Imagine how easy it would be to track you once these pieces of information fall in the hands of the wrong guy?