Cybersecurity
Hackers exploit flaws in mobile phones’ security

Published 19 August 2015


Mobile phones are everywhere. The ubiquitous devices have become so commonplace that it is easy to believe that nearly everyone has one.

Owners of these devices have developed a sense of security, using them as if they were sitting in front of their computers at home. Once used for voice transmission only, mobile phones, or smartphones, have grown to become devices used for shopping, bill paying, bank transactions, and a host of other applications.

Unfortunately, they are not nearly as secure as most users think they are. Hackers have found a number of flaws, and are capable of exploiting them.

The primary component of these breaches is Signaling System 7 (SS7), which enables mobile roaming between two different phone service providers.

As Computer Weekly reported, hackers are able to monitor the target phone half a world away. As demonstrated by an Australian television show, hackers in Australia accessed a mobile phone in Germany, recording the conversation of a German politician and tracking his movements from thousands of miles away.

That demonstration has also raised serious questions about the security of SMS verification systems used by online banking and e-mail services.

The problem arises because international agreements require all telecommunications providers to provide details of their subscribers through the SS7 system to another provider on request, including the name and contact details of the subscriber, as well as, crucially, the location of the nearest mobile phone tower.

The breach is a man-in-the-middle attack: rather than connecting directly to the target device, the attacker intercepts the device’s inbound and outbound signals. The signals are then recorded and forwarded to their intended recipient.

Done correctly, all this activity is invisible to the parties on the call. It also allows the movements of a mobile phone user to be tracked on applications such as Google Maps.

Telecommunications security specialist Peter Cox remarked in Computer Weekly that the interception of phone conversations can have serious repercussions.

He cited as an example a situation in which a phone conversation discussing the details of a pending merger was leaked: the people involved in the discussion would be implicated in compliance violations.

Cox went on to say that, “Users should consider alternatives, such as using voice over IP services with encryption, and should recognize if you are using a mobile phone, you are on a public network, and all the security vulnerabilities that you apply to data should apply to voice calls.”