The CBC enlisted the help of Berlin-based cybersecurity expert Karsten Nohl to demonstrate just how vulnerable Canada’s wireless networks are.
Nohl and his team were able to show that it is possible to track your location and access the contents of your phone with only your phone number. This is all possible because of a vulnerability in the international telecommunication network.
The attack is based on Signalling System No. 7 (SS7) which is a hidden messaging layer within cellphone networks. This layer is responsible for setting up and tearing down connections for a phone call, exchanging billing information or allowing a phone to roam.
Access to this layer, according to Nohl, is quite trivial and can go beyond spying on a phone conversation. SS7 attacks can also be used to add, modify, or delete content on your device. For instance, Nohl said that he could set up a person’s voicemail so that all the messages were sent directly to him, and the user would never know they were missing. In a statement, he said:
“The technology is built with good intentions to make a very useful phone network and good user experience but it lacks any kind of security and it’s open to abuse.”
In April, the U.S. Department of Homeland Security released a report warning that “significant weaknesses in SS7 have been known for more than a decade.”
SS7 attacks can go completely undetected. For instance, in 2014 customers of Telefonica bank had money drained from their accounts because of SS7 attacks. In this case, a four-digit code was sent to a customer’s phone in order to complete the transfer. The attackers in the case used a vulnerability in SS7 to get those codes and take the funds for themselves.
Telecom companies in Europe have been strengthening their defences to fight off SS7 attacks. However, the same cannot be said about Canada’s largest wireless companies. Nohl said:
“Relative to other networks in Europe and elsewhere in the world, the Canadian networks are easy to hack. I think the two Canadian networks we tested have about 10 per cent of the security that they need to do to protect from SS7 attacks.”
The demonstration conducted by the CBC and Nohl’s team raises questions about personal privacy and security, as well as the state of cyber security at these Canadian telecoms.
Bell and Rogers both declined to sit down with CBC to speak about the matter. However, both companies issued generic statements about the matter. In a statement, Rogers Communications said:
“On SS7, we have already introduced and continue to implement the most advanced technologies but we are unable to share specific details for security reasons.”
A spokesperson from Bell said that they are an “active participant” on the Canadian Security Telecommunications Advisory Committee. In a statement, Bell said:
“Bell works with international industry groups such as the GSMA [an international mobile phone operators association] to identify and address emerging security risks, including those relating to SS7.”
So now you are probably asking yourself: how can I stay protected from these attacks? The answer, according to Nohl, is simple: use encryption software.
“If you’re using Signal, WhatsApp, Skype, you’re certainly protected from SS7 attacks…. But there’s other types of attacks that could happen against you, your computer, your phone. So you’re never fully safe.”
However, the only real protection from these kinds of attacks it to turn your phone off, which is something that is not always practical.