Invasive phone tracking: New SS7 research blows the lid off mobile security

Hacker conference Chaos Communication Congress 31c3 is under way in Hamburg, Germany right now where three SS7 talks have revealed the ease of invasive cell phone surveillance.

phone tracking surveillance SS7

Hacker conference Chaos Communication Congress 31c3 is under way in Hamburg, Germany right now where a cluster of SS7 talks have revealed the ease of invasive cell phone surveillance.

Three groundbreaking research presentations and live demonstrations on SS7 have shown that the NSA -- or any government's ability or access -- isn't needed to track you completely (and terrifyingly) with your cell phone.

CCC is livestreaming all 31c3 talks and archiving them immediately, and you can see more of the conference's great presentations online now.

ss7-31c3-phone-surveillance.jpg
Slide from SS7 Locate Track Manipulate (Tobias Engel) Tobias Engel/CCC

The world's oldest -- and Europe's largest -- hacker organization The Chaos Computer Club is proving its mettle with the talks at this year's 31c3: A New Dawn.

But in three of the conference's earliest presentations, onstage only a day ago, researchers show what's commercially available in the realm of phone spying, and it may scare you more than the Snowden documents.

All three talks -- SS7: Locate. Track. Manipulate., SS7map: Mapping Vulnerability of the International Mobile Roaming Infrastructure, and Mobile Self-Defense -- are probably the most terrifying and potentially earth-shattering of all the 31c3 presentations (so far).

These videos are a must-watch for anyone interested in tracking and surveillance via cell phones.

In this sessions, watch demonstrations of tracking and learn about unbelievable in-use techniques for tracking and identifying cell phone users, no NSA required: the tools used are not law enforcement tools, and some are commercially available.

I can't stress the importance of SS7: Locate. Track. Manipulate. strongly enough. Researcher Tobias Engel describes, "Companies are now selling the ability to track your phone number wherever you go. With a precision of up to 50 meters, detailed movement profiles can be compiled by somebody from the other side of the world without you ever knowing about it. But that is just the tip of the iceberg."

In SS7map: Mapping Vulnerability of the International Mobile Roaming Infrastructure, "SS7 has been shown repeatedly as an insecure protocol: spoofing, faking, crash through fuzzing, fraud. The main question of our study is to determine how this insecurity is mitigated by network operator's action to prevent compromise on both network exposure of infrastructure and privacy compromise of subscribers. It's why we wanted to come out with SS7map."

Rounding out the cluster of a the equivalent of three phone security nuclear bombs, Mobile Self-Defense (SnoopSnitch) shows just how cheap and easy it is to intercept 3G thanks to SS7.

Presenter Karsten Nohl begins, "We know that mobile networks can - and do - attack us on many fronts. As this talk will show, even 3G is attackable. It's high time that we upgrade from complaining to self-defense."

mobile-self-defnese.jpg
Slide from Mobile Self Defense (Karsten Nohl) Karsten Nohl/CCC

Mr. Nohl and his team also released the Android app SnoopSnitch, as an outcome of their work and studies on SS7 surveillance attacks.

There are many groundbreaking talks at 31c3 this year, and you're sure to find more of interest than our shortlist. If you miss it, all of 31c3's talks will be archived on the 31c3: A New Dawn video page.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All