Signalling System 7 or SS7 has long known to be vulnerable to hackers. SS7 is the control system protocol that telephone companies use to route and transfer calls between companies and, in the cellular world, between towers.
Since SS7 was designed in the early 1980s, no one was terribly concerned about security. Hackers – or foreign spies – could use SS7 to reroute calls, eavesdrop on calls, intercept text messages and locate users anywhere in the world for example.
As carriers harden their own systems (the front doors), they leave the side doors (the SS7 signalling system that they use to talk to each other) not only unlocked, but propped open.
The Washington Post reported that systems are widely available that allow someone to track where a user is, anywhere in the world, if they have their cell phone powered on.
The GSM Alliance, an industry trade group did acknowledge vulnerabilities for an earlier WaPo article and said that they are planning to replace SS7 over the next DECADE due to vulnerabilities and technical issues.
That means, for at least the next decade, assume that any skilled hacker or spy, anywhere in the world, can eavesdrop on your calls and text messages.
The researchers demonstrated decrypting a call with a German Senator – with his permission. They also said that they could perform mass eavesdropping using a network of antennas.
While there are subtleties and nuances to what can and cannot be done and there are ways that users can better protect themselves, in the absence of users taking extra precautions, they should assume cell phone conversations are not private.
Information for this post came from The Washington Post.