Smartphones can be easily tracked by leveraging an old, yet unpatched security vulnerability in global cellular networks, a researcher has demonstrated.
The issue, brought into the spotlight by Karsten Nohl, a German hacker, resides in Signaling System Seven, also written Signalling System Number 7 (SS7), a telephony signaling protocol developed in 1975 and used by hundreds of telecom operators worldwide to exchange billing information, SMS, roaming, and other services.
Although most users aren’t aware of the fact, SS7 is what makes it possible for people to call or text each other, and Nohl demonstrated to 60 Minutes that the flaw in this protocol can be leveraged against any smartphone. An attacker could keep track of a device’s location or could eavesdrop on conversations and SMS messages, the researcher says.
The researcher also revealed that an attacker needs nothing more than an individual’s phone number to track their smartphone. Even if location services are turned off on a phone, it can still be tracked because the mobile network is independent of the GPS chip inside the device.
Nohl performed a live demonstration of the vulnerability by tracking the whereabouts of Congressman Ted Lieu, who had previously agreed to take part in the experiment. “So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network,” the researcher said.
According to the researcher, each network has to deal with the issue on its own, but many operators haven’t done so, despite having been informed of the issue for several years. In fact, the vulnerability in SS7 was also detailed by researcher Tobias Engel in a presentation during the 2014 Chaos Communication Congress.
Given that researchers have warned about the issue before, it’s surprising that wireless carriers haven’t resolved it yet, but some suggest that the flaw remained unpatched for the benefit of intelligence services. Regardless of whether that is true, the fact is that the SS7 vulnerability poses a significant risk to political leaders and business executives, since their private communications could be so easily snooped on.