SS7 Mobile Network Vulnerabilities you Need to Know About
Unfortunately, mobile networks are vulnerable to attack and with just $300 and some know-how from the Internet, criminals, hackers, foreign governments and many others can gain access to mobile networks and listen in as well as record your phone calls and text messages.
In 2014, German researchers discovered a security flaw enabling hackers, criminals and other to intercept phone calls and text messages – even when cellular networks are using advanced encryption.
What is SS7 and Why is it Vulnerable?
These flaws are in Signaling System 7 (SS7), an international telecommunications standard designed in the 1980s that routes calls, texts and other services across cellular networks. Since mobile users are mobile – calls need to continuously move transparently between cell towers and networks, without dropping calls or decreasing in quality. SS7 is what makes this possible – and the ‘tools’ that make it possible are the same ‘tools’ that inherently make it vulnerable to attackers.
Even as cellular carriers upgrade to advanced 3G technology, partially to secure communications from eavesdropping, those carriers continue to connect with other carriers over SS7, leaving them vulnerable to any company worldwide with access to SS7.
What you can do to Secure your Calls and Messages from SS7 Vulnerabilities
Senator Ron Wyden (OR) and Representative Ted Lieu (CA) have written letters to the Department of Homeland Security (DHS) and the Federal Communications Commission (FCC) outlining the risks and expressing their concerns.
The Federal Communications Commission (FCC) put together a Working Group, and in the Final Report distributed March 2017, they made the following recommendation:
“When making a call using a landline or mobile phone, the call is not encrypted end-to-end. Most mobile phones do use some form of encryption over the air interface between the mobile device and the towers. However, the call is delivered “in the clear” as it traverses the network and is vulnerable to interception using the techniques that have been described earlier in the Risk Assessment Report. End to end encryption means that the data is encrypted at the source device with a user specific key and delivered to the end device where it is decrypted using the same key. In practice, the complexity of key management and encryption/decryption is handled by applications deployed at the end devices. There are a number of such applications available on the market today, but the consumer needs to be wary that they are using an application that truly encrypts end to end.“
End-to-end encryption is recommended to mitigate the risks – and ensure your private information remains private, and is only shared with those you intend to share with.
There are many applications today that provide some form of encryption, and as recommended by FCC, it’s important to ensure that your information is truly encrypted. At KoolSpan, we’ll be happy to evaluate your mobile communication encryption needs and assess the best solution for you.