IT experts led by Berlin-based Karsten Nohl said on Thursday they had discovered security flaws in the mobile phone networks that would allow attackers to read users' messages.Nohl's team said that the problem lay in the SS7 protocol, which is used by mobile phone operators to encrypt data when they send it to networks in other countries, the Süddeutsche Zeitung reported.
Using commands sent to the network via this protocol, hackers could redirect a user's calls to themselves before forwarding them on to the intended recipient – allowing them to record everything said.The second technique would require setting up a radio antenna to collect all calls and texts passing through an area.Using the SS7 protocol, hackers could then request keys to unlock traffic encrypted using a more secure system such as 3G.
Nohl's team obtained encryption keys for the communications of Christian Democratic Union MP Thomas Jarzombek from Deutsche Telekom's automated systems by posing as a foreign telephone exchange.But the process could be automated to conduct the attacks on a mass scale.“It would strike me as a perfect spying capability, to record and decrypt pretty much any network... Any network we have tested, it works”, Nohl told the Washington Post.
“All networks worldwide” would be affected by the problem, Deutsche Telekom said in a statement.The loophole could allow hackers to spy on SMS, email and voice traffic.Telekom, Vodafone and Telefónica, which owns O2 and E-Plus, said on Thursday evening that they had already fixed the flaw in their networks.
But any efforts by individual networks were “only a sticking-plaster”, Telekom said, while a long-term solution would have to be developed across the industry.Telekom added that the hacking method could only be used by experts with specialist equipment targeting specific individuals.The attacker “would have to stay close to the [mobile phone] user and have access to a special receiver which isn't available on the market,” the company said.
But Nohl's team noted that federal government buildings and the Bundestag would be vulnerable if such equipment were used from the nearby American or Russian embassies in Berlin.Spiegel has reported that many US embassies and consulates, including Berlin, are outfitted with antennas for collecting cellular signals.
Germany is particularly sensitive to spying after it was reported last year that the US National Security Agency was eavesdropping on Angela Merkel's phone based on information from whistleblower Edward Snowden.