A vulnerability in the Signaling System Seven (SS7) has been recently exploited to track location, snoop on messages and phone calls on any type of smartphone, researchers found.
Karsten Nohl, a German hacker, demonstrated how, by leveraging the flaw, he was able to track all this personal information from an iPhone owned by US Congressman Ted Lieu.
First, it’s really creepy, and second, it makes me angry,” the Congressman said in a TV show.
The problem resides in SS7 or Signalling System Number 7 – a telephony signaling protocol used by more than 800 telecommunication operators around the world to exchange information with one another, cross-carrier billing, enabling roaming, and other features.
If one of the telecom operators is hacked, everyone is exposed and a large scale of information, including voice calls, text messages, billing information, relaying metadata and subscriber data, is open to interception.
Also, the vulnerability affects all phones, whether they’re running iOS or Android. Reportedly, the designing flaws in SS7 have been in circulation since 2014.
The people who knew about this flaw [or flaws] should be fired,” Lieu added. “You can’t have 300-some Million Americans – and really, right, the global citizenry – be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data.”
The best way users can protect conversations and mobile data is to encrypt it before it leaves the smartphone.