Signalling System No. 7 (SS7) is a set of telephony signaling protocols that provides the backbone for all cell phone communication everywhere in the world. It allows phone networks to communicate between themselves in order to connect users and pass message between networks, ensure correct billing, and to allow users to roam on other networks.
SS7 is easily hacked
Ever since 2008 it has been widely known that vulnerabilities in SS7 allow cell phone users to be secretly hacked. The industry did nothing about this, however, because the risks were thought to be purely theoretical.
This changed in 2014 when vulnerabilities in SS7 allowed hackers to record a rather embarrassing secret unencrypted phone conversation between the US ambassador to Ukraine and US Assistant Secretary of State Victoria Nuland, in which he was highly critical of the EU.
In April this year, US congressman Ted Lieu agreed to participate in an experiment performed for the TV program 60 Minutes. For the show, German security researcher Karsten Nohl successfully demonstrated how easy it was to hack Lieu’s iPhone from his base in Berlin knowing only its phone number.
“Nohl pinpointed Lieu’s movements down to districts within Los Angeles, read his messages and recorded phone calls between Lieu and his staff.”
The mobile network is independent from the little GPS chip in your phone, it knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That, of course, is not controlled by any one customer.
Lieu has now called for an official investigation of the “open secret” SS7 vulnerability:
The vulnerability has serious ramifications not only for individual privacy but also for American innovation, competitiveness, and national security. Many innovations in digital security – such as multi-factor authentication using text messages – may be rendered useless.
It is widely believed, however, that government agencies such as the NSA and GCHQ routinely exploit SS7 vulnerabilities in order to snoop on targets. It is therefore likely that they will oppose any attempts to fix the problem.
Encryption has problems
Until now it was thought that using encrypted apps such as WhatsApp and Telegram would protect users against such snooping. As such, the advice given has been to avoid making calls or sending texts using your mobile network connection, and use encrypted messaging apps instead.
New research, however, suggests that even using encrypted apps may not be as secure as has previously been believed.
It is possible for attackers who have access to the SS7 network to take control of a victim’s phone number, and then use this number to register the app in the victim’s name. The attacker can then masquerade as the victim to the victim’s contacts.
Because apps such as WhatsApp and Telegram rely solely on phone numbers to verify the identity of users (at least by default), this presents a major security threat.
It is important to stress is that the actual encryption used by WhatsApp and Telegram* (etc.) has not been compromised per se. This attack is more akin to the attacker stealing the victim’s phone and then impersonating them when you call. It, therefore, sidesteps any encryption used, rather than breaking it.
*Telegram does not use end-to-end encryption by default, a fact that allowed the researchers from Positive Security to also access old messages and chat history of belonging to users’ accounts, and which were stored on Telegram’s servers.
“After entering the code, full access is obtained to the Telegram account including the ability to write messages on behalf of the victim as well as read all the correspondence.”
Which apps are affected?
This attack potentially affects all messaging apps that verify users through their phone numbers. This includes WhatsApp, Facebook, Google, and Viber.
Apps such as Signal and Pidgin plus OTR, however, include mechanisms that allow you to verify the identities of correspondents. Signal, for example, allows you to compare public PGP identity keys (either manually or automatically using QR codes). If you use these, then you should be able to detect an SS7 attack of the kind described above. Signal will also warn you if a contact’s identify keys change.
The Electronic Frontier Foundation (EFF) has a great chart that compares the security used by most popular messaging apps. Those with a check for “Can you verify contacts’ identities” are resilient to these attacks as long as you perform the verification procedure (so do it!)
WhatsApp does, in fact, include Signal’s ability to warn users when a contact’s identity keys have been changed (WhatsApp uses the Signal protocol), but in a curious move, this feature is disabled by default. It can be enabled using the following steps:
- Go to the Contacts tab -> Settings (the 3 dots to the top right) -> Account -> Security
- Touch slider next to “Show security notifications
These attacks are mainly theoretical, and are anyway not easy to perform (as Motherboard notes, it is “not trivial to abuse the SS7 network”). Since the 60 Minutes program exposed the issue, the mobile phone operators’ trade association (the GSMA) has set up a series of systems to monitor mobile networks, looking for intrusions or abuse of the signalling system. How effective these are, however, remains unclear.
The best protection if you are worried about the issue is still to use an end-to-end encrypted messaging app. Do, however, make sure to use one that allows you to check your contact’s identity (and actually enable or use this feature).