cybersecurity guide networking News privacy security smartphone surveillance technology telecom Tutorials

Could Hackers Be Spying on Your Phone Right Now? The Shocking Truth About SS7!

Ehtasham Ahmad15 hours ago

0 0 5 minutes read

The idea of digital privacy at the personal level is no less than a mirage: everyone thinks that their privacy is ensured, but it is not. The loopholes in the mobile phone networking systems exist, which have been the source of surveillance done by agencies around the world. But their existence is also known to hackers globally who have a history of taking advantage of these loopholes to gain access to personal and confidential information of individuals. Thus, we come across cases of banking systems hacked by foreigners to loot millions of dollars without leaving a trail.

Hackers manipulate SS7 (Signal System 7), a system on which the whole networking web of calls and messaging is based on, by cunningly infiltrating it using advanced software. They keep themselves anonymous while retrieving users’ personal data, making them invisible to the eyes of authorities. Because they could be foreigners, tracking them down becomes a remote possibility. As a result of this, the issue remains unsolved.

To understand how this hacking is done via mobile phone networking, how modern smartphones function should be grasped. The comprehension would expose the degree of vulnerability that each mobile phone holder is facing, without having the slightest notion of being in such a situation.

History Of Phone Networking

The first phones were simple devices without any buttons and with 45V current coming from an exchange. When their receivers were picked up, it completed a circuit inside those devices, sending a signal to operators who would then manually connect the call to the other end.

This method was cumbersome, so those devices got replaced with rotary phones having a circular dial on their face. A rotary phone had a circular metal plate inside that would move when a number was dialed. Each dialed number would send control signals, as per the dialed number, to an operator, who would then connect the call. But those devices failed terribly while connecting calls to a remote area, for control signals were lost on the way.

To tackle this anomaly, button phones were introduced that employed double frequencies for each number and took advantage of the transmission lines designed to carry frequencies within humans’ hearing range, 300 Hz to 3400 Hz.

A phone call was first directed to an operator who would then direct it to its destination. People possessing knowledge of signals and phone networking knew that there was a big loophole in this networking system, which they exploited.

One of such examples include the founders of Apple, Steve Jobs and Steve Wozniak, whose Blue Box enabled users to fool operators by giving controlled frequencies to a phone to enjoy free calls to all places.

When the loophole got recognised, it gave birth to SS7 employed by telecommunication companies globally even today to connect calls. Even after having a separate digital line, SS7 has never been perfect. Just like Steve Wozniak, masters of the field knew how to bypass the system, and they have been doing so.

How Did Blue Box Succeed?

Steve Wozniak only manipulated the frequency-based system. First a person would dial a toll free number, which the local operator would intercept; next 2600 Hz frequency or tone would be given–this frequency symbolizes disconnected calls–,forcing the remote operator to give the same frequency also, implying that there is no call on the line, but the person is on the line; now the person will stop sending 2600 Hz frequency, indicating to the remote operator of a new call, followed by the pulse tone, the desired number and start tone. This would result in a successfully dialed free call to a remote location, which is still a toll free call to the local operator.

So what Blue Box actually did was the manipulation of the system being used by phones then. The same is the case with the existing SS7 system whose manipulation by hackers solely due to the inherent faults in the system.

How Does SS7 Get Manipulated?

Signal System 7 is a web of telecommunication companies interacting with one another to receive and forward calls and messages from customers. Because it comprises hundreds of telcos, many of them are not as trustworthy as most of them are. Consequently, they or their employees could easily be bribed to get access to SS7. This is exactly what has happened in the past. Hackers have successfully bribed many of these local and untrustworthy companies to gain this access, and having access to one of the telcos under the umbrella of SS7 means entering the whole web of SS7. Thereafter, hacking anyone’s smartphone is a piece of cake for professional hackers.

Hackers only need your mobile number to send your network a request for your IMSI ( International Mobile Subscriber Identity)–a unique 15 digit number assigned to every sim card–to gain full access to your mobile phone, which would not be a demanding task if money can get it for them. With the knowledge of IMSI of a specific sim card, hackers, using advanced softwares like Pegasus, can trick your network provider to think that your number is roaming and can then easily change that number with their own. Resultantly, all calls and messages on their way to your phone would be redirected to theirs, giving full access to your confidential details.

The consequences are not just limited to your calls and messages. Hackers are then in the position to change passwords of your online accounts, including banking accounts, by completing sms verification–because they are receiving messages now. Thus, you could lose all your money within minutes. Moreover, your location can also be compromised. By tracing the signal tower used by your phone and calculating the time signals take to reach your phone, the location of your current place could be pinpointed.

To give you an idea of their effectiveness, Sheikha Latifa, the daughter of the current ruler of Dubai, ran away from home in 2018. But she was traced soon on a boat near the Indian coast by exploiting the same SS7 protocol and using the same deceitful ways mentioned above.

How To Safeguard Your Phone Against Such Attacks?

Modern smartphones offer built-in encryption. Enabling it would put smartphones in a better position against hackers trying to access data. Similarly, the apps like Signal and WhatsApp, offering end-to-encryption on calls and messages should be used for communication. Even if a smartphone using such apps gets hacked, hackers will not be able to decipher encrypted information. Try browsing the internet using a trusted VPN, which makes the internet traffic encrypted and difficult to detect. Lastly, if possible, install network firewalls to receive an alert at the very moment when someone tries intruding into your phone.

SS7 attacks only show the inherent faults within the system. Just like the previous phone networking systems, it might be replaced with a new one soon. But the possibility of having inherent flaws that lead to hacking will not cease even with this new networking system.

Image: DIW-Aigen