German researchers have discovered a new flaw in the global network known as Signalling System 7 (SS7), which could allow hackers and spies to intercept communications on a massive scale, the Washington Post reports.
Due to be presented at a hacker conference in Hamburg this month, the research finds that certain functions built into SS7 can be exploited to listen to private phone calls and read text messages anywhere in the world. Because SS7 was created to allow cellular carriers to route communications services to each other—for example, by switching between cell towers as callers drive down highways—its security flaws actually give hackers access to a massive network of users.
Unwarranted surveillance, including by private parties, is not the only risk that comes out of the SS7 weak spots. It also means that users could be targeted for fraud or scam operations.
The news comes amidst recent revelations about the extent to which powerful governments—including those of the U.S. and the U.K.—have been conducting surveillance sweeps of foreign diplomats as well as their own citizens. NSA whistleblower Edward Snowden’s document leak in 2013 brought the crisis to international attention, which in turn prompted cell phone users to demand better privacy protection from private companies. But according to the researchers, even those efforts are not enough.
The Post explains:
These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.
