Many smartphones operate on newer 3G or LTE networks that offer upgraded security features. But, they still have to interact with the outdated networks that are full of security holes. In fact, the old SS7 network, originally designed in the 1980s, has many flaws that could be used by hackers or governments that want to track or listen in on your calls.
Hackers can use SS7's built-in functions to steal your communication information. For instance, they can request temporary keys through SS7 to unlock calls made through more secure and encrypted networks like 3G.
These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network.
Anyone with the right tools and skills can use the SS7 network to track calls, listen in on conversations and steal texts. They can even record encrypted calls and decode them at a later date.
While German researches are just now making this threat known to the public, some believe that government intelligence groups have known, and used, the flaws for some time now.
“Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation,” said Christopher Soghoian, principal technologist for the ACLU and an expert on surveillance technology. “They’ve likely sat on these things and quietly exploited them.”
Your cell carrier could possibly stop the hacks by refusing to provide the encryption keys needed to unlock calls made from 3G networks. But, so far the hacks have worked against more than 20 worldwide networks tested by the researchers. T-Mobile was the only major American carrier tested.
Since the hack uses the SS7 cellular network, you're likely safe with messaging systems that avoid it altogether and employ end-to-end encryption like iMessage. When making a call, you could use an Internet-based VoIP system like Skype - as long as your Internet network is secure. You could also take German Senator Thomas Jarzombek's advice.
“After all the NSA and Snowden things we’ve heard, I guess nobody believes it’s possible to have a truly private conversation on a mobile phone,” he said. “When I really need a confidential conversation, I use a fixed-line” phone.