With few lines of code, a savvy hacker can determine your location, intercept calls and SMS.
According to renowned researcher Tobias Enget Hacker, who presented SS7: Locate. Track. Manipulate at Chaos Communication Congress 31c3 last week, “Companies are now selling the ability to track your phone number wherever you go. With a precision of up to 50 meters, detailed movement profiles can be compiled by somebody from the other side of the world without you ever knowing about it. But that is just the tip of the iceberg.”
And it is not only NSA (or other intelligence agencies) that can monitor your movement and intercept communication. Any business or individual can exploite SS7 network vulnerabilities to gain access to subscribers mobile devices.
SS7 protocol is used by mobile operators to direct calls and SMS to their customers, even when they are in another country. In theory, access to the SS7 network is reserved for telephony operators. However, by gaining access to the network business and individuals can have a field day.
“From the moment you have network access, there are hardly any security mechanism,” says Tobias Engel.
<iframe width=”560″ height=”315″ src=”//www.youtube.com/embed/lQ0I5tl0YLY” frameborder=”0″ allowfullscreen></iframe>
What is rather scary is the assertion that gaining access to a mobile operator’s network is relatively easy.
Karsten Nohl of the German company Security Research Lab who also presented his research asserted that accessing “the location is very easy.” He argued that “even 3G is attackable,” suggesting “it’s high time we upgrade from complaining to self-defense.”
Tobias Engel presented how he tracked and monitor mobile devices accorss the globe. Several US companies even provide what phones their customers location service, as recently reported in the Washington Post
Intercepting calls is little more complicated. On stage, Karsten Nohl also demonstrated spoofing the phone number and potentially transferring to call to a computer where it can be recorded. Same can be done with SMS.
Subscribers don’t really have many options. Tobias Engel joked: “There are only two solutions to the user. Tell the operator, but I’m not sure that a call to the hotline work, or get rid of his phone.”
But if you don’t want to get rid of your phone, Karsten Nohl launched SnoopSnitch (https://play.google.com/store /apps/details?id=de.srlabs. snoopsnitch), a free application to detect whether a subscriber is monitored via the SS7 network.
“You receive warnings when something out of the ordinary,” Nohl said. “For example, if I ask your operator your location through the SS7 network, your phone is loaded but nothing happens for you. The application notifies you if such an event occurs.”
This tool can also detect certain types of interception. The application collects data throughout the day, “like a virus that people have on their computer.” The user can then choose to share this data with Security Research Lab to supply a map, GSMMap.org (http://gsmmap.org/).