GET THE FREE NATIONAL CYBER SECURITY APP FOR YOUR PHONE AND TABLET
Spy agencies like the NSA and many others aren’t the only ones able to bug your calls and text messages, a new investigation shows. It turns out that anyone with the right equipment and know-how can tap into a carrier’s phone network to access calls and text messages for without the target’s knowledge.
DON’T MISS: OnePlus 2 review: There can be only one
The news comes from Australia’s 60 Minutes, which spoke to security researchers who have proven that an SS7 inter-carrier network security flaw lets individuals track your cell phone anywhere in the world, and it can also be used to gain access to phone calls and text messages.
Anyone with access to a carrier’s phone network would be able to intercept phone calls and text messages, record them, and reroute them to their original destinations, without the cell phone user knowing what’s happening.
The key takeaway from the report is that you need to get access to the SS7 portals in order to actually take advantage of the bug, which might be a tough job for regular people. SS7 portals route calls between mobile operators, allowing phones to roam from one country to another.
In the wrong hands, access to an SS7 portal can be abused so that hackers or spy agencies can collect data from a target, including login credentials. The service can also be used to reroute calls to premium numbers that generate income for hackers, or block a person from dialing certain numbers.
60 Minutes also reports that some providers may offer SS7 access illicitly to third parties include spy agencies. The report cited one company that claimed to pay $16,000 per month for online access to SS7 tracking.
The SS7 vulnerability can be patched, according to the report, but some countries might not be necessarily interested in fixing the issue. This way, local spy agencies can continue various surveillance operations that take advantage of the flaw.
Three local Australian carriers, including Telstra, Optus and Vodafone, have all said in statements users’ privacy and security is very important to them, effectively denying any knowledge about SS7 hacks happening on their watch in the region.