Owners of smartphones have developed a sense of security, using them as if they were sitting in front of their computers at home. Once used for voice transmission only, mobile phones, or smartphones, have grown to become devices used for shopping, bill paying, bank transactions, and a host of other applications. Unfortunately, they are not nearly as secure as most users think they are. Hackers have found a number of flaws, and are capable of exploiting them.
Mobile phones are everywhere. The ubiquitous devices have become so commonplace that it is easy to believe that nearly everyone has one. Owners of these devices have had a sense of security, using them as if they were sitting in front of their computers at home. Once used for voice transmission only, mobile phones, or smart phones, have grown to become devices used for shopping, bill paying, bank transactions, and a host of other applications.
Unfortunately, they are not nearly as secure as most users think they are. Hackers have found a number of flaws, and are capable of exploiting them. The primary component of these breaches is Signal System 7 (SS7,) which enables mobile roaming between two different phone service providers.
As Computer Weekly reported, hackers are able to monitor the target phone half a world away. As demonstrated by an Australian television show, hackers in Australia access a mobile phone in Germany, recording the conversation of a German politician, and tracking his movements from thousands of miles away. That demonstration has also raised serious questions about the security of SMS verification systems used by online banking and e-mail services.
The problem arises because international agreements require all telecommunications providers to provide details of their subscribers through the SS7 system to another provider on request, including the name and contact details of the subscriber, as well as, crucially, the location of the nearest mobile phone tower.
Using a man-in-middle attack, the breach is not a direct connection to the target device, but an interception of the target device’s inbound and outbound signals. The signals are then recorded and forwarded to the intended recipient of the signals. Correctly used, all this activity is invisible to the parties on the call. Additionally, it also allows the movements of a mobile phone user to be tracked on applications such as Google Maps.