New flaws have been discovered by the IT experts at Karsten Nohl that would open up user messages to hackers.
Karsten Nohl IT experts in Berlin have discovered mobile security flaws in the wireless phone networks that would give access to hackers so that they would be able to read messages being exchanged by users.
The team spotted the issue in the SS7 protocol that is used for encrypting data by mobile phone operators.
That SS7 protocol is used for the mobile security encryption of data when messages are being sent to networks in other countries. Should hackers use commands that are sent by way of the protocol to the networks in question, then they could become able to redirect the calls and messages of a user to themselves before they then forward them to the appropriate recipient. This would give them the ability to be able to record everything that was said or sent.
That mobile security hacking effort is only one of the two different ways that the SS7 protocol could be breached.
The second potential technique has to do with building a radio antenna that would be able to collect the texts and calls that made their way through that physical area. In that method, hackers could use the SS7 protocol to request the keys that would be necessary for unlocking the encrypted calls and messages from among the traffic passing through. That method would be used in the case of a system that was considered to be more secure, such as 3G.
The team at Nohl’s was able to obtain the encryption keys from the automated systems at Deutsche Telekom, with respect to the communications of MP Thomas Jarzombek at the Christian Democratic Union. From within that system, the IT team posed as a telephone exchange from another country in order to obtain the necessary keys.
That entire mobile security breach process could even be automated by hackers in order to become capable of conducting attacks on a tremendous scale. The Washington Post reported that Nohl said that “It would strike me as a perfect spying capability, to record and decrypt pretty much any network… Any network we have tested, it works”, and Deutsche Telecom added that that this could affect “All networks worldwide”.
