Research

Phone Hacking

Written by Reflare Research Team | Apr 20, 2016 12:46:00 PM

SS7 has over 30 years of history, but the hacking demonstration opens a scary prospect for everyone. The researchers proved that the SS7 network can be easily abused in order to spy on people's phone conversations and track their location.

First Published 20th April 2016

"You don't say?"

2 min read  |  Reflare Research Team

Most people use their cell phones without considering that someone might be listening. A group of hackers recently revealed to a US Congressman that listening in on phone conversations is a lot easier than expected.

The attack was carried out with permission by Security Research Labs in Germany for a piece that aired on local news channels. The hackers were able to record the Congressman's phone conversations and locate his position using GPS. The hack was done using Signaling System 7 (SS7), which is a protocol used by over 800 telecom companies to allow devices to interconnect as they access different networks. For instance, SS7 would be used by a US AT&T user to access local German networks.

Once a hacker has access to SS7, they can route calls, read text messages, spoof the phone number and identity of the caller, as well as record messages. This was all witnessed by the US Congressman who had his phone conversations taped and replayed for him during the newscast.

Although this was a first for the US Congressman, hacking cell phones and telecom resources is nothing new for hackers. Cell phones are some of the most insecure devices on the market. Older phones rarely (if ever) have their software upgraded. If a bug or vulnerability is found, it's often left intact until the user buys a new phone, which is sometimes years from the time the issue is found.

Smartphones are also vulnerable to SS7 attacks. These devices are primary targets for hackers, as they contain immeasurable amounts of data that the hacker can use to either blackmail the target or sell on the black market. Smartphones contain contacts, social media information, and often also credit card numbers and other financial data.

Although hacking cell phones is nothing new, we expect these threats to continue reemerging every couple of years as the industry and adaption of mobile devices progresses.