“German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available,” Craig Timberg reports for The Washington Post.
“The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other,” Timberg reports. “Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.”
“The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network,” Timberg reports. “Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.”
Read more in the full article here.
You mean the NSA didn’t know about this and spent untold millions of dollars on their own system, which was then leaked by Edward Snowden, much to their embarassment, when they could have just listened in through SS& vulnerabilities?
SS& should be SS7, Slow caps release…
Why design and anti-gravity pen when a pencil will do?
Because a pencil is not permanent. It can be accidentally smudged or intentionally erased. Permanent ink is absolutely required.
Pencils shed graphite dust which is conductive and can damage instrumentation.
I didn’t see where the article says anything about the NSA not knowing about this. Of course they know about it. The technology is from the ’80s.
It’s not a bug – it’s a feature.
BURIED in the article: “Several smartphone-based text messaging systems, such as Apple’s iMessage and Whatsapp, use end-to-end encryption methods that sidestep traditional cellular text systems and likely would defeat the technique described by Nohl and Engel.”
That’s when iMessage is working and not switching over to SMS.
Thanks for the post. I often don’t have the opportunity to read the linked article.
I find most people talk to loud on their cell phone. No spyware needed.