A weakness in the network that enables mobile phone calls means hackers can listen in on any call and find the location of users – and researchers are unclear about how much the vulnerability has already been used.
The flaws make use of a vulnerability in SS7, the global network that allows companies to send calls, texts and other services to each other, reports the Washington Post.
The vulnerabilities are actually functions that are supposed to be used for other purposes, like keeping calls connected as users as they drive down motorways, that hackers re-purposes to allow access to the calls themselves.
Using the vulnerabilities can give hackers access to callers locations and phone calls.
SS7, despite still being key to mobile phone’s functions, was built in the 1980s and is still riddled with serious vulnerabilities. But because it is the foundation of mobile phone systems, even as companies invest billions of pounds into new security and encryption techniques the problems will continue to exist.
The network is used worldwide, meaning that hackers do not even need to be anywhere near users’ phones to break into them.
The flaws will be reported at a hacker conference in Hamburg later this month. That will mark the first time that the vulnerability will be revealed to the public, but the vulnerability is likely to have been exploited already.
“I doubt we are the first ones in the world who realize how open the SS7 network is,” Tobias Engel, one of the German researchers that found the flaw, said.
Security experts recommend avoiding using mobile phones for any calls that contain sensitive information or that you would not like people to listen in on, according to Gizmodo.
"Don't use the telephone service provided by the phone company for voice. The voice channel they offer is not secure," the Alliance for Civil Liberties Union's principle technologist Christopher Soghoian told the gadget blog. Soghoian recommended using internet-based technologies like FaceTime, which is available on any iPhone, rather than mobile phone calls.
The researchers responsible for revealing the hack said that using a landline was also a much safer way of avoiding the problem.Reuse content