Report reveals that telecom industry networks are vulnerable to hacking

A CBC report has highlighted just how easy it is to hack a cellphone

Telephone wires

It’s actually quite easy for someone to hack your phone to record phone calls, access voicemail or track someone’s location.

A joint CBC News/Radio-Canada report has revealed it’s surprisingly easy for malicious actors to take advantage of the world’s telecom infrastructure.

According to the CBC News report, the central issue has to do with Signalling System No. 7 (SS7) — the signalling protocols responsible for establishing mobile phone calls, text messages and other services.

Karsten Nohl, a German cybersecurity expert who spoke with CBC News — and who helped the broadcasting corporation hack an MP’s phone with the MP’s consent — explained that hackers can easily abuse the SS7 network.

“The technology is built with good intentions to make a very useful phone network and good user experience, but it lacks any kind of security and it’s open to abuse,” said Nohl, in an interview with CBC News.

CBC News also tested how easy it would be to hack a cell phone running on the Rogers or Bell network. The intent was to demonstrate whether or not SS7 abuse was possible in Canada.

Ultimately, hackers working with CBC News were able to successfully — and consensually — record a conversation between an MP and a Radio-Canada reporter.

Hackers were also able to geolocate the device, that was in Ottawa at the time.

“Relative to other networks in Europe and elsewhere in the world, the Canadian networks are easy to hack,” said Nohl. “I think the two Canadian networks we tested have about 10 percent of the security that they need to do to protect from SS7 attacks.”

Comments from Canada’s carriers

MobileSyrup reached out to Canada’s big three carriers for comment on both the CBC News story and the likelihood that Canadians should worry about SS7 attacks.

Rogers responded by stating that the company “actively [works] with global industry partners and law enforcement to introduce world-leading security standards.”

“On SS7, we have already introduced and continue to implement the most advanced technologies but we are unable to share specific details for security reasons,” reads an excerpt from a Rogers email sent to MobileSyrup.

Bell also commented, reiterating many of the points raised by Rogers.

“It is important to note that SS7 attacks do require privileged access to a carrier’s network from another mobile carrier,” said a Bell spokesperson, in an email to MobileSyrup. “Bell is always updating its network architecture to manage these potential risks, and no network is more secure. We cannot comment on the specific steps we are taking to protect our networks.”

Update 27/11/17: Telus responded to MobileSyrup‘s request for comment:

“Protecting our customers’ privacy is vitally important to Telus. We are well aware of the threats and vulnerabilities associated with the global telecommunications infrastructure that relies on the SS7 protocol, and we are actively investing in new capabilities to mitigate the risk. TELUS continues to participate in national and international security groups that share information and best practices regarding these threats and vulnerabilities as they arise.”

Source: CBC News