Attacks staged from anywhere in the world could record your phone calls, read your text messages or even make charges on your account, warn German security experts
Phone calls and text messages between UK mobile phones are vulnerable to hackers anywhere in the world because of flawed infrastructure designed in the 1980s, warn researchers.
German security experts claim that hackers – or spy agencies – could use flaws in the “SS7” network to listen to phone calls, read text messages or even defraud customers’ accounts. The network is a system of protocols which are used by networks around the world to start and end phone calls and route text messages, although it is known by different names around the world.
It is possible to use legitimate features of the system designed to keep a phone call going when the user is driving, by switching from one tower to another, for nefarious purposes.
One attack involves recorded encrypted phone calls and later tricking the network into revealing a key which can be used to decrypt the call and listen to it.
Researchers warn that even networks which take steps to protect their systems will still be vulnerable, as SS7 is designed to allow networks to interoperate – the flaw can be taken advantage of through an African or Asian mobile phone network but ultimately target a customer in the US or UK.
“It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers, speaking to the Washington Post .
The attack was demonstrated on a phone belonging to a German senator last week, with his permission. The findings will be revealed in a presentation at a hacker conference in Hamburg later this week.