Hacker Nohl demonstrates eavesdropping on conversations via leak in telecom infrastructure
Renowned German hacker Karsten Nohl has demonstrated how to exploit vulnerabilities in the network that controls the routing of calls and text messages. With only a phone number, he could eavesdrop on a politician’s conversations and find out his location.
Karsten Nohl demonstrated in a 60 Minutes broadcast that he could intercept conversations of a member of the US Congress and determine his location in Washington. Nohl only needed the politician’s phone number for this. He could also keep track of who called the politician. According to Nohl, his method can be automated for large-scale interception.
Nohl, an employee of Security Research Labs, and Tobias Engel of Sternraute investigate vulnerabilities in SS7, or Signaling System No. 7. The basis of this collection of protocols dates back to the 1970s, but providers worldwide still use them for network servers. These systems transmit telephone calls and text messages, and providers use them to settle roaming charges and exchange subscriber data between servers.
It has been known for some time that SS7 is poorly secured. The German hackers announced their findings back in 2014. Nohl and his team have since been investigating the networks of providers worldwide with the companies’ permission. “The mobile networks are the only places where these leaks can be closed. There is no global overview on SS7. Every mobile network has to take action to protect its customers. And that is difficult.”
Specifically, the Germans exploit two vulnerabilities. The first is the hijacking of the forwarding function: an attacker indicates to the network that calls to a certain number must go through his own device. The second method requires setting up antennas to monitor all calls and messages in a particular area. The hackers could instruct the carrier to issue a temporary encryption key, allowing them to also intercept encrypted 3G traffic.
According to Nohl, the vulnerabilities primarily pose a risk to political leaders and corporate executives, whose private conversations could be of value. According to him, intelligence services worldwide know about the vulnerabilities and would not benefit if the leaks were closed.