In five years’ time there will be nine billion mobile subscriptions – that’s more than there are people on the planet.
“Mobile is going from strength to strength. It’s crucial for our private and business lives. But with greater reliance on devices, comes a greater risk especially when it comes to privacy and fraud,” warns Steve Buck, product director at Evolved Intelligence.
Phone hacking isn’t new; stories of high-profile figures being plundered are legion, from Kate Middleton to Milly Dowler. These examples seem disconnected from our everyday use, but fresh revelations of hacking potentially affect us all.
They come in the wake of a US media storm, sparked by CBS news show 60 Minutes, where a congressman’s calls and movements were monitored. All hackers did was get hold of one piece of data – his phone number.
They then accessed a network few of us have heard of, yet all of us have used. Once in, the hacker can track your movements, intercept calls and texts, as well as block your signal from anywhere in the world.
Mobile operators use a network called Signalling System 7 (SS7), which allows all operators to talk to each other. “It’s the central-nervous system of the worldwide mobile network. It connects our devices with all networks and allows us to move around while using them. It’s essentially what makes them mobile. More people use SS7 than the internet,” says Mr Buck.
Criminals are increasingly using the SS7 network to access our mobiles. “Attacks can affect any phone, on any carrier and any operating system, and it’s possible because of security flaws in the global network,” says Nick Jones, chief technology officer at Evolved Intelligence, that provides roaming, fraud and security solutions.
Developed in 1975, SS7 is considered ancient in tech circles. Security officials have flagged vulnerabilities for decades. The GSMA, whose members include 800 operators globally, are actively working to advise operators how to plug this hole. The US Federal Communications Commission and other regulators are also investigating.
For example, every day a medium-sized operator serving five million customers will have thousands of attacks, including dozens of sophisticated ones. Even intelligence agencies, accused of espionage, are believed to be in on the act.
“Nowadays it costs as little as £800 a month to access the SS7 network – a small price for hackers who use it to eavesdrop on calls, track movements, spam you, deny you service or use it to intercept passwords to access your bank account. The holes are there to be exploited and we need more protection,” says Mr Jones.
Yet it’s impossible to know if we’re being hacked. If you have access to SS7, you have access to anyone’s mobile. There is no global policing and it’s up to each operator to resolve these issues. Some operators have begun installing protection. Attacks can be combatted with a signalling firewall or to a degree with modifications to existing equipment.
Evolved Intelligence is working with mobile operators to tackle the issue. “The problem is widespread so that’s why we’re speaking to operators across the world about how to solve this SS7 flaw,” says Mr Jones.
Mobile is like the early days of the internet, when users first realised they needed to protect their PCs from malicious attacks
Every day the Bristol-based company processes two billion messages. “We separate malicious messages from the legitimate, so we can secure the network while allowing genuine services through,” explains Mr Buck.
“We have worked with many banks to secure their communications. Once we secure the network, we can then enable a lot more legitimate and useful applications, including more secure banking or applications for the internet of things, such as vehicle tracking,” he says.
“The mobile revolution continues unabated. We must do more to secure the mobile network, while enabling lawful applications and communications. Mobile is like the early days of the internet, when users first realised they needed to protect their PCs from malicious attacks.”
For more information please visit www.evolved-intelligence.com
