^

World

Security flaws allow global cellular eavesdropping

Frank Jordans - The Philippine Star

BERLIN — Security flaws in a system used by cellphone carriers around the world could open the door to wide-ranging surveillance of mobile phone traffic, according to a German researcher who discovered the problem.

The issue affects a telecommunications standard called Signaling System 7, or SS7, which is used by carriers to manage connections between cellular networks. The Berlin-based Security Research Lab, which discovered the problem in August, said a skilled person could exploit the flaws to eavesdrop on the phone calls, text messages and data traffic of billions of people.

"Given how valuable such spying capabilities are to states and other criminal actors, I would be very surprised if we are first to find these hacking vectors," company researcher Karsten Nohl said Friday.

Nohl said cellphone companies were quietly told about the problem earlier this month. The Washington Post and Germany's Sueddeutsche Zeitung newspaper reported on it Thursday.

At least two German cell companies, T-Mobile and Vodafone Deutschland, said they have taken measures to prevent criminals and spies from exploiting the flaws to eavesdrop on customers.

The global cellular operators body GSMA said it, too, was told of the problem and was awaiting further details to be presented at a computer security conference in Hamburg, Germany, next week.

A spokeswoman for GSMA said the reported problem affects 2G and 3G networks, but not the newest 4G standard.

"The research disclosures made to the GSMA enabled us to conduct a preliminary analysis, consider the implications and provide recommendations to our members, including mobile network operators and infrastructure vendors, on how to mitigate the identified risks," Claire Cranton told The Associated Press.

Nohl noted that carriers can easily close the security hole by blocking certain network requests submitted over SS7 — a three-decades old system — by other companies.

"We were really surprised that most of them don't do that," he said. "It's like the Internet before firewalls became popular."

Users can protect themselves independently of their cellphone carriers by using applications that encrypt their calls, messages and emails, Nohl said.

ASSOCIATED PRESS

CLAIRE CRANTON

KARSTEN NOHL

NOHL

PROBLEM

SECURITY RESEARCH LAB

SIGNALING SYSTEM

SUEDDEUTSCHE ZEITUNG

T-MOBILE AND VODAFONE DEUTSCHLAND

WASHINGTON POST AND GERMANY

  • Latest
  • Trending
Latest
Latest
abtest
Are you sure you want to log out?
X
Login

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

Get Updated:

Signup for the News Round now

FORGOT PASSWORD?
SIGN IN
or sign in with