How Safe Are Your Mobile Calls and Messages?
Mobile phone calls and messages are vulnerable to attack. Many organizations and individuals falsely trust the safety and security of making calls and sending/receiving texts from their mobile devices. However, there are many critical vulnerabilities inherent with cell phones and cellular networks that put our privacy and our organizations’ confidentiality at risk. Understanding and preventing these risks are critical to protecting your business, your employees, your clients, and your customers.
Network Attacks
In 3G networks, the traffic is encrypted from the mobile device, through the Cell Tower to the Radio Network Controller, so both the Radio Access Network and the backhaul portions of the network are ‘notionally’ protected. However if a hacker gains access to the Core Mobile Network, the encryption used for GSM and 3G is ineffective.
- In 2009, hackers computed and published a codebook free on the internet to decrypt calls made over GSM networks
- In 2010, A Practical-Time Attack on the A5/3 Cryptosystem exposed the weakness of the encryption used in 3G GSM Telephony: http://eprint.iacr.org/2010/013.pdf
In 4G networks, the threat is greater as mandated encryption from the Mobile Phone stops at the Cell Tower (eNB), leaving the IP traffic in the backhaul to the operator unprotected.
Signalling Attacks
Signalling System No.7 (SS7) is Easily Hacked
The vulnerabilities in SS7 allow an an intruder with basic skills to perform numerous attacks including:
- IMSI Disclosure
- Intercepting and Redirecting Phone Calls
- Intercepting SMS Messages
- Tracking of a Mobile User
- Block a Mobile User From receiving incoming calls and messages
SS7 exploits are easily within reach of hostile parties and access to SS7 can be bought from network operators for a few hundred dollars per month.
Intercepting SMS Messages
The target is registered with a fake Mobile Switching Center (MSC) and Visitor Location Register (VLR) - meaning that SMS messages can be diverted to an alternative host. This allows the attacker to send fake message received confirmations, and withhold or send new/altered messages. The target sees no interruption of service, and therefore has no reason to suspect anything is amiss. The goal is often to steal passwords for services such as banking, email and social media etc.
Intercepting Calls
As part of a VLR attack, the phone owner’s profile can be manipulated so that when they make a call the billing request and number they are calling are sent to the attacker. This allows the attacker to create a conference call, with themselves unseen, and listen and record the resulting conversation unobserved.
Mobile Threats are not limited to state-actors or high-cost hackers
With nothing more than a browser, an internet connection and maybe a pre-pay debit card, anyone can spoof SMS messages and Caller IDs. The fact that the receiving mobile number recognizes the and displays their name when the call or text arrives is enough for most individuals to trust the authenticity of the message or call.
Combined with basic social engineering, recipients could give up critical information such as passwords etc. More concerning is where a number of organisation use SMS as an emergency alerting procedure, to evacuate buildings or request the location of an employee.
Ready to take you security seriously?
Try Cellcrypt for free or signup for the paid version now.