The security of global mobile phone networks has been called into question after a controlled hack showed how phone calls and text messages can be intercepted by cyber criminals.
An experiment carried out for Australian TV programme 60 Minutes demonstrated a vulnerability in Signalling System Number 7 (SS7), a global system used by around 800 telecoms companies across the world to share mobile data while roaming.
However, the system shows identifiable information, including a mobile phone's unique IMEI number, details of the account holder and the closest cell tower.
The hack, which was given legal permission to take place, shows how German security consultant Luca Melette, working from Berlin, was able to intercept and record a mobile phone conversation and a text message exchange between 60 Minutes reporter Ross Coulthart and independent Australian senator Nick Xenophon.
Using the SS7 network allowed the hacker to hear and record the conversation in real time and to 'geo-track' the movements of the participants via nearby cell towers.
Xenophon, who also gave permission for the hack to take place, explained that he was shocked that the vulnerability existed and has called for a public inquiry.
"It means anyone with a mobile phone can be hacked, can be bugged, can be harassed. The implications of it are enormous and what we find shocking is that the security services, the intelligence services, know about this vulnerability," he said.
Coulthart explained that the scope of potential cyber attacks is growing as more people get access to SS7 protocols.
"Historically, only large telecoms providers were allowed to query SS7 for subscriber data, but in recent years VoIP providers, smaller phone companies and numerous third-party SMS messaging services are now gaining access," he said.
However, Coulthart warned that intelligence agencies may not want the SS7 vulnerability to be fixed.
"It has long been speculated in security industry circles that the reason why countries like Australia and the US have not rushed to ensure the SS7 vulnerability is fixed is because the location tracking and call bugging capacity has been widely exploited by intelligence services for espionage," he said.
"It is no revelation, of course, that intelligence agencies such as the US National Security Agency or the Australian Signals Directorate, part of the so-called five-eyes communications spying alliance, have such powers."
Australia is a member of the Five Eyes alliance which is bound by the USAUK surveillance agreement. The other countries are the US, UK, Canada and New Zealand.
The SS7 vulnerability was originally discovered by researcher Tobias Engel and first shown at the Chaos Communication Congress in Germany in December last year.
Research carried out by Adaptive Mobile uncovered information in the Hacking Team data leak that SS7 attacks were being actively used for network surveillance.
Cathal McDaid, head of threat intelligence at Adaptive Mobile, explained that security in the SS7 network has become of paramount importance for the mobile community.
"Knowing how these surveillance companies regard and use SS7 is essential. It seems that there is a wider group of commercial entities selling systems that allow surveillance over SS7, and that these systems are for offer today," he said.
McDaid told V3 that his company puts those identified as using SS7 protocols into three categories: countries, corporations and criminals.
He noted that his team has seen SS7 activity in the past while monitoring networks, but that it is difficult to determine the source.
"In our research we have seen suspicious network activity. We have seen it being used and we try and block it as it's encountered," McDaid said, although he acknowledged that SS7 remains a "shadowy system".
McDaid added that hackers currently target high-profile victims, but that as access to the SS7 network spreads and becomes more well-known in hacker circles, it may be used to target ordinary citizens.
"Unfortunately there's very little anyone can do," he warned. "It all comes down to the operator. Contact your operator and ask them what they are now doing to stop this."
North Korean hackers reportedly step up their activity as tensions with the US increase
Ice Lake probably won't appear before 2019 at the earliest
Krzanich follows Kevin Plank of Under Armor and Kenneth Frazier of Merck
Release of latest version of Android imminent