Widely Used SS7 Standard Still Vulnerable A Year Later


The number of people without fixed phone numbers, who cut the figurative cord and go for data-only mobile plans, is increasing daily. These people, when they are forced to make a call or send an old fashioned text message, normally use data-based services to do so. Outside of getting their data from a wireless provider, what do these customers have in common with traditional wireless customers who use calling and SMS services daily? The answer is the SS7, or Signaling System Seven, protocol. This protocol is used in any communications that interface with wireless carriers' legacy systems, including calling, texting, roaming and billing.

CBS News' "60 Minutes" segment sat down with a high-level German hacker named Karsten Nohl, who demonstrated a vulnerability to the public more than a year ago that used SS7 to allow a hacker to listen in on texts, calls and the rough location of any customer whose phone number they had. This hack, shown off in 2014 by Nohl at a security convention in Germany back in 2014, is still up and running. In order to demonstrate the hack, CBS gave a regular old iPhone to a California congressman and asked him to use it, warning him that it was a hacking experiment. He agreed and, sure enough, Nohl and his people were able to listen in on conversations, track whoever he called or texted and see the locations of everybody involved at all times.


CBS correspondent Sharyn Alfonsi spoke on the matter, saying that politicians and high-ranking businessmen were likely to be the most at-risk parties, saying that these people's personal data would be of high value to certain malicious parties for purposes such as defamation and illegally obtaining insider knowledge. She also said that this security flaw is used by intelligence agencies the world over, who may not want to see it fixed and are thus leaving mobile subscribers all over the world, especially the powerful people mentioned above, at risk of having their personal data stolen. The exploit is well known in less reputable communities as well, with governments, OEMs and wireless carriers thus far making no move to patch it up.

Share this page

Copyright ©2016 Android Headlines. All Rights Reserved.

This post may contain affiliate links. See our privacy policy for more information.
Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, Voice assistants, AI technology development news in the Android world. Contact him at [email protected]

View Comments