Latest in Mobilepostcross

Image credit:

Phone network security flaw lets anyone bug your calls

Jon Fingas, @jonfingas
August 17, 2015
Share
Tweet
Share

Sponsored Links

Remember that vulnerability in the SS7 inter-carrier network that lets hackers and spies track your cellphone virtually anywhere in the world? It's worse than you might have thought. Researchers speaking to Australia's 60 Minutes have demonstrated that it's possible for anyone to intercept phone calls and text messages through that same network. So long as the attackers have access to an SS7 portal, they can forward your conversations to an online recording device and reroute the call to its intended destination. This helps anyone bent on surveillance, of course, but it also means that a well-equipped criminal could grab your verification messages (such as the kind used in two-factor authentication) and use them before you've even seen them.

The team in the report had the luxury of legal access to SS7, since it's helping to safeguard German networks against espionage. It's potentially harder for someone to hijack the portals on their own. However, there's a concern that those carriers which have access are illegally renting it out to third parties with less than honorable intentions. And to no one's surprise, some intelligence outfits and security software developers (like the US' National Security Agency or Verint) have permission. It's likely that SS7 tricks have been used to monitor phone activity for years, and not just by relatively above-board governments hoping to catch crooks.

You'll be happy to hear that some countries, including Australia and Germany, are getting carriers to tighten security. There's a worry that they're not moving as quickly as they can, though, as police and spy agencies are rarely thrilled by the prospect of losing easy ways to track suspects. While the likelihood of your becoming the victim of an SS7-based attack is low, it could be a long while before the odds drop to zero.

[Image credit: AP Photo/Kostas Tsironis]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Rain may soon be an effective source of renewable energy

Rain may soon be an effective source of renewable energy

View
Windows 10 will support Linux file systems inside File Explorer

Windows 10 will support Linux file systems inside File Explorer

View
'Minecraft Dungeons' is the reason 'Minecraft' has evil villagers

'Minecraft Dungeons' is the reason 'Minecraft' has evil villagers

View
The best games for Nintendo Switch

The best games for Nintendo Switch

View
Google algorithm lets robots teach themselves to walk

Google algorithm lets robots teach themselves to walk

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr