Widely Used SS7 Standard Still Vulnerable A Year Later

April 18, 2016 - Written By Daniel Fuller

The number of people without fixed phone numbers, who cut the figurative cord and go for data-only mobile plans, is increasing daily. When these people are forced to make a call or send an old-fashioned text message, they normally use data-based services to do so. Outside of getting their data from a wireless provider, what do these customers have in common with traditional wireless customers who use calling and SMS services daily? The answer is the SS7, or Signaling System Seven, protocol. This protocol is used in any communication that interfaces with wireless carriers’ legacy systems, including calling, texting, roaming and billing.

CBS News’ “60 Minutes” sat down with a high-level German hacker named Karsten Nohl, who more than a year ago publicly demonstrated a vulnerability that uses SS7 to let a hacker read the texts, listen in on the calls and track the rough location of any customer whose phone number they have. This hack, shown off by Nohl at a security convention in Germany in 2014, still works. To demonstrate it, CBS gave a regular old iPhone to a California congressman and asked him to use it, warning him that it was a hacking experiment. He agreed and, sure enough, Nohl and his people were able to listen in on conversations, track whoever he called or texted and see the locations of everybody involved at all times.

CBS correspondent Sharyn Alfonsi spoke on the matter, saying that politicians and high-ranking businessmen were likely to be the most at-risk parties, since their personal data would be of high value to certain malicious parties for purposes such as defamation and illegally obtaining insider knowledge. She also said that this security flaw is used by intelligence agencies the world over, who may not want to see it fixed and are thus leaving mobile subscribers all over the world, especially the powerful people mentioned above, at risk of having their personal data stolen. The exploit is well known in less reputable communities as well, and governments, OEMs and wireless carriers have thus far made no move to patch it.