Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Vulnerability in Mobile Networks Allows Easy Phone Tracking

Smartphones can be easily tracked by leveraging an old, yet unpatched security vulnerability in global cellular networks, a researcher has demonstrated.

Smartphones can be easily tracked by leveraging an old, yet unpatched security vulnerability in global cellular networks, a researcher has demonstrated.

The issue, brought to the spotlight by Karsten Nohl, a German hacker, resides in Signaling System Seven or Signalling System Number 7 (SS7), a telephony signaling protocol developed in 1975 and used by hundreds of telecom operators worldwide to exchange billing information, SMS, roaming, and other services.

Although most users aren’t aware of the fact, SS7 is what makes it possible for people to call or text each other, and Nohl demonstrated to 60 Minutes that the flaw in this protocol can be leveraged against any smartphone. An attacker could keep track of a device’s location or could eavesdrop on conversations and SMS messages, the researcher says.

What the researcher also revealed was that an attacker doesn’t need anything else other than an individual’s phone number to track their smartphone. Even if location services are turned off on a phone, it can still be tracked because the mobile network is independent from the GPS chip inside the device.

Nohl performed a live demonstration of the vulnerability by tracking the whereabouts of Congressman Ted Lieu, who previously agreed to take part in the experiment. “So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network,” the researcher said.

According to the researcher, each network has to deal with the issue on its own, but many operators haven’t done so, despite being informed on the issue for several years. In fact, the vulnerability in SS7 was also detailed by researcher Tobias Engel in a presentation during the 2014 Chaos Communication Congress.

Given that researchers warned about the issue before, it’s surprising that wireless carriers haven’t resolved it yet, but some suggest that the flaw remained unpatched for the benefit of intelligence services. Regardless of whether that is true or not, fact is that the SS7 vulnerability poses a significant risk to political leaders and business executives, since their private communications could be so easily snooped.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.