CBC News conducted an investigation back in November, which showed how easy it was to hack into a phone that’s on the mobile networks of Rogers and Bell.
Berlin-based cybersecurity expert Karsten Nohl and his team were able to show that it is possible to track your location and access the contents of your phone with only your phone number. SS7 attacks can also be used to add, modify, or delete content on your device. For instance, Nohl said that he could set up a person’s voicemail so that all the messages were sent directly to him, and the user would never know they were missing.
Both companies, along with Public Safety Canada, refused to grant interviews on the topic. Instead, they all decided to discuss the matter behind closed doors.
An NDP public safety and emergency preparedness critic agreed to let his phone be hacked as a part of the investigation. The phone, which was on Rogers’ mobile network, was successfully compromised. The team was also able to compromise a device that was on Bell’s network.
Public Safety Minister Ralph Goodale refused to participate in an interview because “SS7’s flaws are not among his ministry’s responsibilities.” Goodale apparently met with Rogers and Bell to discuss the issue.
In a statement, Quebec NDP MP Matthew Dubé said:
“They talked about what they are doing to improve on this issue and that they take their customers’ privacy very seriously. While I don’t doubt their good intentions, at the end of the day there’s a lot of work that needs to be done by the private sector and by government to ensure that we’re doing all we can to protect Canadians’ privacy.”
When asked repeatedly for interviews, both Rogers and Bell declined, giving standard responses to dodge the questions at hand. In a statement, a Bell spokesperson said:
“Bell’s networks are protected by state of the art technology … We wouldn’t comment on any specific measures we take to ensure the security of our networks.”
A Rogers spokesperson also issued a similar statement, saying:
“We have already introduced and continue to implement the most advanced technologies to address threats related to SS7. For security reasons we are unable to publicly share specific details on our ongoing investments in cybersecurity.”
It’s clear that Rogers and Bell have a lot of work to do in order to protect their customers, according to this CBC investigation. Should we be worried about SS7 flaws?
[via CBC News]
Want to see more of our stories on Google?
P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!
Where is Telus in all of this ?
Seems like they are protecting their customers lol
If your carrier as the option to support international roaming (basically everybody) than this applies to them.
The other thing to remember, just using the right gear (a scanner radio and frequency counter) can compromise a cellular network. You have to be within range for this method to work, but you leave absolutely zero tracks.
is the the fault of rogers and bell? does at&t and verizon on the usa side have this problem? what is the actual issue? and once that is determined, is there a different way of doing this in canada?
There’s always going to be that one guy who can “hack” the system. Best thing is to expose them to the world so we can get past it and tomorrow be more secure.
This issue as been out there since the start. It is partly an issue with getting a new international standard established, which takes forever. The other thing in my opinion is, if carriers properly secure their networks (true end to end encryption). Then they as well government agencies will have a much harder time collecting information on users.
This vulnerability is the main reason you will see so many senior government people in Washington using disposable flip phones.
Third party apps will give you protection. If you are able to keep your phone number confidential then you can’t really be hacked.