Huge security flaw in mobile phone networks that could let hackers listen in on voice calls and read text messages revealed
comments
A massive security flaw that could let hackers listen in on private calls and read text messages has been revealed.
The flaw, is in a global telecom network called Signal System 7 that helps phone carriers across the world, including AT&T and Verizon, route calls and texts.
The flaws, to be reported at a hacker conference in Hamburg this month, are the latest in a string of major flaws in the system.
The flaws are in a system called SS7, the global network that allows the world's cellular carriers to route calls, texts and other services to each other
'Experts say it's increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world's billions of cellular customers,' said The Washington Post.
The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower.
However, hackers worked out a way to repurpose the features for surveillance because of the lax security on the network.
Although the extent of the flaws has not yet been revealed, it is believed hackers can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption.
'It's like you secure the front door of the house, but the back door is wide open,' Tobias Engel, one of the German researchers, told the Post.
There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.
The The American Civil Liberties Union has even warned people against using their handset in light of the breaches.
'Don't use the telephone service provided by the phone company for voice,' principle technologist Christopher Soghoian told Gizmodo.
Hackers worked out a way to repurpose the features networks use to connect calls for surveillance because of the lax security on the network.
The voice channel they offer is not secure.
'You can use FaceTime, which is built into any iPhone, or Signal, which you can download from the app store.
'These allow you to have secure communication on an insecure channel.'
He also believes that security agencies could be using the flaws.
'Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation.
'They've likely sat on these things and quietly exploited them.'
Put the internet to work for you.
0 comments:
Post a Comment