Your phone isn’t secure, seek better end-to-end encryption – researchers

19 Dec 2014

The vast majority of global telephone communications are entirely insecure, allowing anybody to hack in and listen to your calls or read your texts, researchers suggest.

German researchers have discovered a flaw, or series of flaws, in the SS7 global network that supports all cellular communications.

SS7 stands for Signalling System 7, and the discovered flaws means telephones are open to external access from myriad of threats. That is despite your provider’s best efforts at securing the line.

“It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the researchers, ahead of a hacker conference in Hamburg where the full report will be disclosed.

According to The Washington Post, the researchers have yet to find evidence that their latest discoveries, “which allow for the interception of calls and texts, have been marketed to governments on a widespread basis.”

It would be fairly surprising to find out that, with flaws these revealing, no state body is getting its hands dirty.

“Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation,” says Christopher Soghoian, an expert on surveillance technology, in The Washington Post. “They’ve likely sat on these things and quietly exploited them.”

Perfect for spying

Tobias Engel and Karsten Nohl discovered the issues, which undermine service providers because, despite your mobile phone provider’s best efforts, they are mostly based on the SS7 network.

“It’s all automated, at the push of a button,” Nohl said of the two techniques which allow for this potentially widespread eavesdropping. “It would strike me as a perfect spying capability, to record and decrypt pretty much any network… Any network we have tested, it works.”

In Kate Knibbs’ report on this story for Gizmodo, Soghoian told of his reluctance to rely on phone networks for secure voice calls. “Don’t use the telephone service provided by the phone company for voice. The voice channel they offer is not secure,” he said to Knibbs.

“If you want to make phone calls to loved ones or colleagues and you want them to be secure, use third-party tools. You can use FaceTime, which is built into any iPhone, or Signal, which you can download from the app store. These allow you to have secure communication on an insecure channel.”

Indeed securing an end-to-end encryption service seems the only way to get around this problem, and it must be said that there’s been no proof of anyone profiting from the potential availability of your messages.

But it’s still pretty scary stuff, and I’m struggling to think of a widespread communications service that has yet to implicated in global spying campaigns. What a wonderful age we live in.

Back in the good old days, spies had to do all the hard work, like wearing trench coats, cutting two holes in newspapers and watching people hour after hour. Now they just sit back and wait for the information to come their way. How times have changed.

Spy eavesdropping on a call image and man spying through a newspaper image via Shutterstock

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com