‘Mobile calls and text messages can be easily tapped through the buggy ss7 protocol’

German researchers have discovered functions in the signaling system no.7 protocol, or ss7, that allow large-scale interception of mobile telephone traffic even when using strong encryption. Ss7 is used by almost all telcos for mutual communication.

The ss7 protocol, an ITU standard, is used for, among other things, making and dropping calls, SMS traffic and the settlement of roaming charges between providers. However, according to the German researchers Tobias Engel and Karsten Nohl, the protocol is also very vulnerable and can be misused by, for example, secret services and hackers to listen to conversations on a large scale, to track mobile phone owners and to intercept SMS traffic. writes The Washington Post.

The German researchers, who independently researched the ss7 protocol, have developed two methods. In the first method, the call forwarding functionality of a mobile phone is abused via commands on the ss7. By first transferring a call to your own device and then to a target’s mobile phone, attackers can endlessly monitor all incoming and outgoing calls from that person from anywhere.

In a second method, the attackers use a radio antenna to intercept mobile signals and text messages from the airwaves. This data, which is encrypted, can be stored locally. By requesting a temporary decryption key from the relevant provider via the ss7 protocol, the data can then be decrypted. According to Nohl, this system can be highly automated and can be rolled out on a large scale.

Nohl and Engel state that ss7 is so vulnerable that a provider can encrypt its data traffic strongly and take other security measures, but because the company must be able to communicate with other telcos via the protocol, they will be and remain vulnerable.

The two researchers will announce more details about the methodology used during the upcoming hacker conference Chaos Communications Congress in Hamburg. The GSMA Association will not comment on the findings until then. The Washington Post previously showed that a lot of money is being made with systems that also enable governments to determine the location of mobile phone owners via the any time interrogation-ss7 command.