Security flaws threaten our privacy and bank accounts. So why aren’t we fixing them?
By Cooper Quintin
Mr. Quintin is a senior staff technologist at the Electronic Frontier Foundation.
America’s cellular network is as vital to society as the highway system and power grids. Vulnerabilities in the mobile phone infrastructure threaten not only personal privacy and security, but also the country’s. According to intelligence reports, spies are eavesdropping on President Trump’s cellphone conversations and using fake cellular towers in Washington to intercept phone calls. Cellular communication infrastructure, the system at the heart of modern communication, commerce and governance, is woefully insecure. And we are doing nothing to fix it.
This should be at the top of our cybersecurity agenda, yet policymakers and industry leaders have been nearly silent on the issue. While government officials are looking the other way, an increasing number of companies are selling products that allow buyers to take advantage of these vulnerabilities.
Spying tools, which are becoming increasingly affordable, include cell-site simulators (commonly known by the brand name Stingray), which trick cellphones into connecting with them without the cellphone owners’ knowledge. Sophisticated programs can exploit vulnerabilities in the backbone of the global telephone system (known as Signaling System 7, or SS7) to track mobile users, intercept calls and text messages, and disrupt mobile communications.
These attacks have real financial consequences. In 2017, for example, criminals took advantage of SS7 weaknesses to carry out financial fraud by redirecting and intercepting text messages containing one-time passwords for bank customers in Germany. The criminals then used the passwords to steal money from the victims’ accounts.
How did we get here, and why is our cellular infrastructure so insecure?
The international mobile communications system is built on top of several layers of technology, parts of which are more than 40 years old. Some of these old technologies are insecure, others have never had a proper audit and many simply haven’t received the attention needed to secure them properly. The protocols that form the underpinnings of the mobile system weren’t built with security in mind.
SS7, invented in 1975, is still the protocol that allows telephone networks all over the world to talk to one another. It was built on the assumption that anyone who can connect to the network is a trusted network operator. When it was created, there were only 10 companies using SS7. Today, there are hundreds of companies all over the world connected to SS7, making it far more likely that credentials to the system will be leaked or sold. Anyone who can connect to the SS7 network can use it to track your location or eavesdrop on your phone calls. A more recent alternative to SS7 called Diameter suffers from many of the same problems.
Another protocol, GSM, invented in 1991, allows your cellphone to communicate with a cell tower to make and receive calls and transmit data. The older generation of GSM, known as 2G, doesn’t verify that the tower that your phone connects to is authentic, making it easy for anyone to use a cell-site simulator and impersonate a cell tower to obtain your location or eavesdrop on your communications.
Larger carriers have already begun dismantling their 2G systems, which is a good start, since later generations of GSM such as 3G, 4G and 5G solve many of its problems. Yet our phones all still support 2G and most have no way to disable it, making them susceptible to attacks. What’s more, research has shown that 3G, 4G and even 5G have vulnerabilities that may allow new generations of cell-site simulators to continue working.
Nobody could have envisioned how deeply ingrained cellular technology would become in our society, or how easy and lucrative exploiting it would be. Companies from China, Russia, Israel and elsewhere are making cell-site simulators and providing access to the SS7 network at prices affordable even to the smallest criminal organizations. It is increasingly easy to build a cell-site simulator at home, for no more than the cost of a fast-food meal. Spies all over the world — as well as drug cartels — have realized the power of these technologies.