How SS7 Flaw Gives Hackers Easy Access to Your Private Phone Calls. What You Can Do About It (White Paper)

Secusmart


Text-based digital communications, such as SMS messages, emails and instant messages, are all subject to attack. That’s common knowledge by now – you’re sharing sensitive files, talking about private information, and working with confidential material over the Internet. Without encryption, you may as well invite cyber criminals in for tea.

It’s why we spend so much time and effort making sure text is secure. But why don’t we extend the same security to voice communications? Why is it that we’re content to leave our phone calls unprotected?

The information discussed over the phone is just as sensitive as that sent over email – everything from financial details to executive strategy to intellectual property. Unsecured voice communications are a veritable gold mine for hackers. And as we’ve mentioned in the past, voice is startlingly easy to hack.

With inexpensive, commercially available hacking software, for example, voice calls can be hijacked before the recipient even picks up the phone.

At issue is the fact that the majority of modern telecommunications technology relies on Signaling System 7 – a protocol that was first defined as a standard in 1980. And even though SS7 was developed before the Internet existed, it has changed little since its inception. It’s filled with security holes and exploits that make call hijacking a breeze.

“[SS7’s] security was based on the fact that no one other than carriers and some governments could access it,” Enderle Group principal analyst Rob Enderle explained to Tech News World in 2014. “It’s a technology well past its prime.”

SS7, in other words, is the weakest link – and a hacker’s dream come true.

4G/LTE networks do away with SS7 in favor of a newer, more secure protocol. But it’s little more than a Band-Aid solution for the near future. 4G will account for only 10% of global mobile connections by 2017, with 2G and 3G accounting for the rest. That means for the next several years, chances are very good that the person you’re calling will be using a vulnerable 2G or 3G-based connection.

Even calls that start off using 4G/LTE can easily switch to 3G when reception weakens – all without you or your calling partner noticing. That creates a weak link that hackers can exploit. Moreover, while LTE doesn’t rely on the broken-down SS7 standard, that doesn’t mean it’s secure – at a recent Black Hat Europe presentation, researchers revealed that 4G’s encryption is far from ironclad.

It’s clear that protecting your organization requires you to take encryption into your own hands, which is where SecuSUITE for Enterprise comes in.

A software-based, multi-OS solution, SecuSUITE for Enterprise is designed as a cost-effective, intuitive means of locking down mobile communications. Simple to use and manage from both an enterprise and end user perspective, it offers the following advantages:

  • It’s MDM/EMM-agnostic, allowing it to adapt to any mobility environment.
  • Compatible with multiple operating systems including iOS, Android (including Samsung KNOX and Android for Work) and BlackBerry 10.
  • Calls connect instantly, with crystal-clear voice quality – no waiting through a lengthy authentication process or dealing with an aggravating lag.
  • Designed to have a low battery footprint, and functions on both WiFi and cellular connections.
  • Easy to manage through a user-friendly, secure cloud-based portal which allows quick enrollment and deactivation of users and adjustment of settings.
  • Hosted on the renowned BlackBerry infrastructure, which connects to more than 600 carriers worldwide.

A system is only as secure as its weakest link – and where voice is concerned, SS7 is it. Although it still functions beautifully as a straight communications system, from a security standpoint it’s an archaic, broken protocol. If you truly want to protect your corporate data – if you really don’t want anyone listening in on your calls – then you need an encryption platform.

You need SecuSUITE for Enterprise.

Want to learn more about how SecuSUITE for Enterprise can safeguard your business against eavesdropping? Check out our whitepaper, “Someone’s Listening: The Real Reasons You Need to Encrypt Your Calls.” And if you’ve any doubts about SS7’s lack of security, you can view the recent 60 Minutes special “Hacking Your Phone.” 

About Nicholas C. Greene

Nicholas C. Greene is a technology writer based in Calgary, Canada. An English graduate of the University of Calgary, he's written for publications and organizations such as VPN Haus, Streetwise, Northcutt, and The Coolist.
