Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Vulnerability in Mobile Networks Allows Easy Phone Tracking

Smartphones can be easily tracked by leveraging an old, yet unpatched security vulnerability in global cellular networks, a researcher has demonstrated.

Smartphones can be easily tracked by leveraging an old, yet unpatched security vulnerability in global cellular networks, a researcher has demonstrated.

The issue, brought to the spotlight by Karsten Nohl, a German hacker, resides in Signaling System Seven or Signalling System Number 7 (SS7), a telephony signaling protocol developed in 1975 and used by hundreds of telecom operators worldwide to exchange billing information, SMS, roaming, and other services.

Although most users aren’t aware of the fact, SS7 is what makes it possible for people to call or text each other, and Nohl demonstrated to 60 Minutes that the flaw in this protocol can be leveraged against any smartphone. An attacker could keep track of a device’s location or could eavesdrop on conversations and SMS messages, the researcher says.

What the researcher also revealed was that an attacker doesn’t need anything else other than an individual’s phone number to track their smartphone. Even if location services are turned off on a phone, it can still be tracked because the mobile network is independent from the GPS chip inside the device.

Nohl performed a live demonstration of the vulnerability by tracking the whereabouts of Congressman Ted Lieu, who previously agreed to take part in the experiment. “So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network,” the researcher said.

According to the researcher, each network has to deal with the issue on its own, but many operators haven’t done so, despite being informed on the issue for several years. In fact, the vulnerability in SS7 was also detailed by researcher Tobias Engel in a presentation during the 2014 Chaos Communication Congress.

Given that researchers warned about the issue before, it’s surprising that wireless carriers haven’t resolved it yet, but some suggest that the flaw remained unpatched for the benefit of intelligence services. Regardless of whether that is true or not, fact is that the SS7 vulnerability poses a significant risk to political leaders and business executives, since their private communications could be so easily snooped.

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.