Craig Timberg reports in the Washington Post, that German researchers have discovered that phone calls and text messages between mobile phones are vulnerable to hackers and Government surveillance agencies located anywhere in the world, due to flawed infrastructure designed in the 1980s.
The flaws are in the “SS7” protocol (Signalling System 7) used by mobile phone networks worldwide and are actually functions built into the system for other purposes, such as to allow mobile phones to switch between mobile phone base stations.
Phone calls are vulnerable to interception even on networks using strong encryption, for example one type of attack involves recording an encrypted phone call and then requesting through SS7 that the caller’s carrier releases a temporary encryption key to unlock the communication after it has been recorded.
Tobias Engel, one of the German researchers who discovered the flaws which will presented at the Chaos Communication Congress in Hamburg on the 27 – 30 December 2014 said:
“It’s like you secure the front door of the house, but the back door is wide open.”