Vulnerability in Mobile Networks Allows Easy Phone Tracking

Smartphones can be easily tracked by leveraging an old, yet unpatched security vulnerability in global cellular networks, a researcher has demonstrated.

The issue, brought to the spotlight by Karsten Nohl, a German hacker, resides in Signaling System Seven or Signalling System Number 7 (SS7), a telephony signaling protocol developed in 1975 and used by hundreds of telecom operators worldwide to exchange billing information and to support SMS, roaming, and other services.

Although most users aren’t aware of the fact, SS7 is what makes it possible for people to call or text each other, and Nohl demonstrated to 60 Minutes that the flaw in this protocol can be leveraged against any smartphone. An attacker could keep track of a device’s location or could eavesdrop on conversations and SMS messages, the researcher says.

The researcher also revealed that an attacker needs nothing other than an individual’s phone number to track their smartphone. Even if location services are turned off on a phone, it can still be tracked because the mobile network is independent of the GPS chip inside the device.

Nohl performed a live demonstration of the vulnerability by tracking the whereabouts of Congressman Ted Lieu, who previously agreed to take part in the experiment. “So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network,” the researcher said.

According to the researcher, each network has to deal with the issue on its own, but many operators haven’t done so, despite having been informed of the issue for several years. In fact, the vulnerability in SS7 was also detailed by researcher Tobias Engel in a presentation during the 2014 Chaos Communication Congress.

Given that researchers warned about the issue before, it’s surprising that wireless carriers haven’t resolved it yet, but some suggest that the flaw remained unpatched for the benefit of intelligence services. Regardless of whether that is true, the fact is that the SS7 vulnerability poses a significant risk to political leaders and business executives, since their private communications could be so easily snooped on.
