Phone network security flaw lets anyone bug your calls

Remember that vulnerability in the SS7 inter-carrier network that lets hackers and spies track your cellphone virtually anywhere in the world? It's worse than you might have thought. Researchers speaking to Australia's 60 Minutes have demonstrated that it's possible for anyone to intercept phone calls and text messages through that same network. So long as the attackers have access to an SS7 portal, they can forward your conversations to an online recording device and reroute the call to its intended destination. This helps anyone bent on surveillance, of course, but it also means that a well-equipped criminal could grab your verification messages (such as the kind used in two-factor authentication) and use them before you've even seen them.

The team in the report had the luxury of legal access to SS7, since it's helping to safeguard German networks against espionage. It's potentially harder for someone to hijack the portals on their own. However, there's a concern that those carriers which have access are illegally renting it out to third parties with less than honorable intentions. And to no one's surprise, some intelligence outfits and security software developers (like the US' National Security Agency or Verint) have permission. It's likely that SS7 tricks have been used to monitor phone activity for years, and not just by relatively above-board governments hoping to catch crooks.

You'll be happy to hear that some countries, including Australia and Germany, are getting carriers to tighten security. There's a worry that they're not moving as quickly as they can, though, as police and spy agencies are rarely thrilled by the prospect of losing easy ways to track suspects. While the likelihood of your becoming the victim of an SS7-based attack is low, it could be a long while before the odds drop to zero.

[Image credit: AP Photo/Kostas Tsironis]