CBC News conducted an investigation back in November, which showed how easy it was to hack into a phone that’s on the mobile networks of Rogers and Bell.
Berlin-based cybersecurity expert Karsten Nohl and his team were able to show that it is possible to track your location and access the contents of your phone with only your phone number. SS7 attacks can also be used to add, modify, or delete content on your device. For instance, Nohl said that he could set up a person’s voicemail so that all the messages were sent directly to him, and the user would never know they were missing.
Both companies, along with Public Safety Canada, refused to grant interviews on the topic. Instead, they all decided to discuss the matter behind closed doors.
An NDP public safety and emergency preparedness critic agreed to let his phone be hacked as a part of the investigation. The phone, which was on Rogers’ mobile network, was successfully compromised. The team was also able to compromise a device that was on Bell’s network.
Public Safety Minister Ralph Goodale refused to participate in an interview because “SS7’s flaws are not among his ministry’s responsibilities.” Goodale apparently met with Rogers and Bell to discuss the issue.
In a statement, Quebec NDP MP Matthew Dubé said:
“They talked about what they are doing to improve on this issue and that they take their customers’ privacy very seriously. While I don’t doubt their good intentions, at the end of the day there’s a lot of work that needs to be done by the private sector and by government to ensure that we’re doing all we can to protect Canadians’ privacy.”
When asked repeatedly for interviews, both Rogers and Bell declined, giving standard responses to dodge the questions at hand. In a statement, a Bell spokesperson said:
“Bell’s networks are protected by state of the art technology … We wouldn’t comment on any specific measures we take to ensure the security of our networks.”
A Rogers spokesperson also issued a similar statement, saying:
“We have already introduced and continue to implement the most advanced technologies to address threats related to SS7. For security reasons we are unable to publicly share specific details on our ongoing investments in cybersecurity.”
It’s clear that Rogers and Bell have a lot of work to do in order to protect their customers, according to this CBC investigation. Should we be worried about SS7 flaws?
[via CBC News]
