There’s a newly found vulnerability in a telephony signaling language in use among hundreds of telecommunication firms worldwide that could allow hackers to intercept and eavesdrop on your communication.
US Representative Ted Lieu experienced first-hand the hacking into his cellphone, which he permitted as part of a broadcast program and was conducted by Germany-based Security Research Labs. The hacking demonstrated that it was possible to track a user geographically and record the calls in his mobile device using only the mobile number that comes with the phone.
More to the point, the mock hacking exhibited that black-hat hackers, too, have the capacity and opportunity to do the same thing, not necessarily to Rep. Lieu, but to other people, listening to their private calls.
Telecommunication companies around the world let their networks interoperate through the Signalling System No. 7, or SS7, routing protocol. For instance, a Globe Telecom user in the Philippines can connect to the Verizon network in the United States. Anyone who could have access to SS7 can basically view the data of any subscriber.
But when one of the telcos that constitute the SS7 network falls prey to hacking, a vast treasure trove of data including voice calls, text messages, locations and subscriber information can be intercepted. That means the routing protocol is only as secure as its weakest member. The SS7 protocol allows any of its telco members to access a phone if it has a roaming agreement with the network in question.
Further, SS7 lets a telecommunication firm to ask for the location of the phone in question from another carrier and route messages and calls through a proxy server prior to transmitting the data to its intended recipient. It is hard for the legitimate recipient to detect that a call, for instance, is being intercepted because the proxy network can assume the caller or sender’s identity.
There’s a plan among network carriers to upgrade the routing protocol to the one called Diameter, but security researchers are wary about the idea. Security experts are of the popular belief Diameter has backwards compatibility with the SS7, and the flaws of the legacy protocol will stay in what is otherwise an updated network for the years to come.
There are products available out there that can help telcos identify which SS7 commands to accept or decline. It comes in the form of a firewall, and it can be customized to block requests from a certain telco for specific information based on the company’s location, especially if it comes from a country like Russia, Iran or North Korea.