How Safe Are Your Mobile Calls and Messages?
Mobile phone calls and messages are vulnerable to attack. Many organizations and individuals falsely trust the safety and security of making calls and sending/receiving texts from their mobile devices.
However, there are many critical vulnerabilities inherent with cell phones and cellular networks that put our privacy and our organizations’ confidentiality at risk. Understanding and preventing these risks are critical to protecting your business, your employees, your clients, and your customers.
IMSI Catchers
An IMSI-catcher is a telephone eavesdropping device used for intercepting mobile phone traffic and tracking movement of mobile phone users. They are "fake" cell towers acting between the target mobile phone and the service provider's real cell towers. IMSI Catchers grab International Mobile Subscriber Numbers (IMSI) and the Electronic Serial Numbers (ESM) from targeted mobile phones. They can force a mobile phone connected to it to use no encryption making calls easy to intercept and can intercept both calls and messages.
A threat to Business and Personal Security
While, to date, IMSI catchers – in particular, the Harris Corp. Stingray – have been used mainly for law enforcement purposes, hostile use of IMSI catchers is increasingly likely. Low-cost IMSI catchers are now available for as little as $1400. In September 2015, the International Business Times reported that the Chinese Government spied on airplane passengers using IMSI catchers. This highlights the threat to international business travelers and organizations.
Fake Cell Towers
Network Attacks
In 3G networks, the traffic is encrypted from the mobile device, through the Cell Tower to the Radio Network Controller. Hence, both the Radio Access Network and the backhaul portions of the network are ‘notionally’ protected. However, if a hacker gains access to the Core Mobile Network, the encryption used for GSM and 3G is ineffective.
-
In 2009, hackers computed and published a codebook free on the internet to decrypt calls made over GSM networks.
-
In 2010, A Practical-Time Attack on the A5/3 Cryptosystem exposed the weakness of the encryption used in 3G GSM Telephony: http://eprint.iacr.org/2010/013.pdf
In 4G networks, the threat is greater as mandated encryption from the Mobile Phone stops at the Cell Tower (eNB), leaving the IP traffic in the backhaul to the operator unprotected.
Signalling Attacks
Signalling System No.7 (SS7)
The vulnerabilities in SS7 allow an an intruder with basic skills to perform numerous attacks including:
​
-
IMSI Disclosure
-
Intercepting and Redirecting Phone Calls
-
Intercepting SMS Messages
-
Tracking of a Mobile User
-
Block a Mobile User From receiving incoming calls and messages
​
SS7 exploits are easily within reach of hostile parties and access to SS7 can be bought from network operators for a few hundred dollars per month.
Mobile Threats are not limited to state-actors or high-cost hackers
With nothing more than a browser, an internet connection and maybe a pre-pay debit card, anyone can spoof SMS messages and Caller IDs. The fact that the receiving mobile number recognizes the and displays their name when the call or text arrives is enough for most individuals to trust the authenticity of the message or call. Combined with basic social engineering, recipients could give up critical information such as passwords etc. More concerning is where a number of organisation use SMS as an emergency alerting procedure, to evacuate buildings or request the location of an employee.
The Risks to Organizations and their Employees
With the relative ease for standard mobile communications to be intercepted potential threats include:
Economic Espionage
When employees use their mobile phones for confidential business discussions, particularly when travelling on business, the risk of those texts, images or calls being intercepted is real. If that confidential information is intercepted by competitors or interested third parties, the damage can far-reaching.
Reports on the economic impact of industrial espionage vary, but in the US alone, BlackOps Partners Corporation, which works with Fortune 500 companies on counter-intelligence and protection puts the number at $500 billion in raw innovation stolen every year. As far back as 2012, General Keith Alexander, NSA director and commander of U.S. Cyber Command described economic espionage as “the greatest transfer of wealth in history.”
Crime and Fraud
The criminal targeting of personal cell phones is an increasingly rich area, with scams growing in complexity and reach. Early in 2016, millions of customers of Australia’s biggest banks were targeted in a sophisticated Android attack, using fake log in screens for the banking apps, WhatsApp, Skype, PayPal, eBay and Google services. The malware was used to both intercept log-in details and to steal SMS two-factor authentication codes, meaning the bank’s security measures were bypassed.
Employee and Personal Safety
For businesses with employees travelling and working abroad, the risk of interception may be higher as nation states, competitors, terrorists and kidnappers target business travellers. Cell phones can exponentially increase this risk as eavesdropping and message interception can provide crucial information, while the growing use of IMSI catchers can provide accurate real-time location information.