Every Step You Take, Every Call You Make: Is Your Phone Watching You?

Imagine a world where every mobile move you make – each text message and phone call – is broadcast to complete strangers. A world where owning a mobile device means giving up your right to personal privacy.

Unfortunately with the recent Signaling System 7 (SS7) research that has come to light, it appears that this world already exists – and we’re living in it.

SS7 is a set of telecommunication protocols that dates back to the 80s. These protocols are used to set up, manage and disconnect any calls that are made on the majority of the world’s publicly switched telephone networks. And, what’s worse is that its privacy measures are as dated as the protocols themselves.

Since SS7 was designed prior to the surge of mainstream cellular use, its security measures just haven’t kept up with the times.

During Chaos Communication Congress 31c3 this past month, frightening research was revealed regarding these dated security measures and the ease at which they allow SS7 to be exploited.

There are gaping holes that exist in the SS7 protocol that, when exploited, allow attackers to re-route calls and text messages or carry out distributed denial-of-service attacks.

What’s even more frightening is that these holes also allow anyone to easily learn a mobile user’s location and thus track their every move. This means that someone halfway around the world could compile a detailed profile of your movements, without you ever knowing.

All that’s needed to accomplish this grotesque invasion of privacy? A valid cell phone number.

Currently, anyone is able to purchase SS7 access from telecom and network operators. Some companies are even selling the ability to track your mobile device, wherever you go.  Once this access is granted and the victim’s mobile number is in hand, potential attackers can begin tracking, just as simple as that.

As we’ve discussed before, mobile spyware is a tool that allows hackers to gain control of your mobile device and turn it into a stalking machine. The flaws in the SS7 protocol create a giant, worldwide tracker out of your mobile device, amplifying the threat of such spyware – an extremely frightening reality for consumers.

A solution exists for a small subset of Qualcomm users, running firmware 4.1 or higher through a recently developed app called SnoopSnitch. This app offers protection against the vulnerabilities presented by SS7. Aside from this, there has yet to be a response from telecommunications providers detailing how they intend to fix this issue.

With SS7’s flaws and other mobile spyware running rampant, it’s now more vital than ever to install comprehensive security software on your mobile device. McAfee® Mobile Security is free for Android and iOS users, and offers a variety of protections, including one that detects and wards against most forms of spyware.

As always, to keep up with the latest security threats, make sure to follow @IntelSec_Home on Twitter and like us on Facebook.

lianne-caetano