PREMIUM TIMES recently published a special report detailing how some state governors are involved in hi-tech mobile phone snooping. According to the report, the governors in question carried out illegal surveillance activities on some perceived opponents by tracking their location and intercepting calls & text messages made over 3G networks in real time.
The report went further to state that a Bulgarian digital surveillance company, Circles 3G, provided the technology with which the governors used to covertly infringe on the privacy of their targets.
How is it possible that private phone calls and text messages of law abiding citizens can be illegally intercepted in real time without the subscriber or network provider’s consent? Well, the possibility of this sort of thing happening is not hard to imagine. The GSM network from the onset was not designed with security in mind.
For a long time, remote mobile phone tapping has been made possible by the use of counterfeit mobile towers otherwise known as IMSI-Catcher, acting between the target mobile phone and the service provider’s real towers (base station). The IMSI-catcher masquerades as a base station and causes every mobile phone of the simulated network operator within a defined radius to connect to it, thereby allowing the attacker to eavesdrop effortlessly.
However, the discovery of an intrinsic vulnerability within mobile phone network interconnection system, otherwise known as SS7 (Signalling System 7) that allows criminals or governments to remotely snoop on anyone with a phone in real time has made the use IMSI-Catcher for mobile phone surveillance look like child’s play. Your phone number is all a hacker needs to listen to your calls, read text messages, and track you. As far back as 2008, a telecoms researcher Tobias Engel demonstrated this in a security conference – Chaos Communication Congress in Germany, followed by demonstrations by other researchers such as Karsten Nohl in 2014. The world’s attention was once again drawn to the SS7 vulnerability following Nohl’s live demonstration of remotely surveilling a US congressman Ted Lieu, aired on US based CBS network in April 2016.
The SS7 protocol was designed to allow mobile phone network carriers exchange information with one another and to enable mobile tower handover, international roaming, cross-carrier billing and other facilities. But once a hacker gains access to SS7 system, they can essentially eavesdrop, and track the location of a phone using the same system that the phone networks use to make service available and deliver voice calls, texts and data services.
SS7 vulnerability is a weakness that has existed for years ever since the protocol was developed in 1975. Some experts believe this vulnerability was intentionally allowed to exist as it is well known to notable security agencies such as the US National Security Agency. The much talked about Circle 3G hi-tech surveillance technology is based on the exploitation of this vulnerability. However, they are not alone; the list of companies that provide this sort of service is endless. These companies boast corporate and government customers around the world with some using corporate lingo to semantically dodge the outright use of the term “surveillance”.
The revelation of the alleged activities of these governors has once again raised concerns about digital privacy rights in Nigeria and the need for appropriate legislation to regulate such activities, failure to do so will inevitably lead to abuse. Privacy has become a human rights issue for the digital age. The UN General Assembly in December 2013 adopted resolution 68/167, which expressed deep concern at the negative impact that unlawful interception of communications may have on human rights, and affirmed that the rights held by people offline must also be protected online, and it called upon all States to respect and protect the right to privacy in digital communication. The Amnesty International also, recently declared that encryption (a basic prerequisite for privacy and free speech in the digital age) is now a human right issue.
As a law abiding citizen, should you be scared about the continued existence of this weakness? Well, not so much as the politicians, high profile corporate executives, government officials, celebrities, activists and people in positions of power. As an average subscriber, the SS7 loophole should not be atop the list of things to worry about if you have figured out that you are not that important in the scheme of things. There are more serious security threats to worry about as a smartphone user than the SS7 intercepts. Nonetheless, the consequence of this technology falling into the hands of organised crime syndicates is enormous as all that’s required to snoop on you is your phone number and access to the SS7 system. Banks for instance use phone calls or text messages to verify a user’s identity; this could be easily intercepted for fraudulent purposes.
Because the SS7 based mobile phone surveillance depends entirely on systems outside of the subscriber’s control, there is very little you can do to protect yourself beyond not using the mobile network services.
For voice calls, the best option is to bypass your phone’s normal calling procedure in favour of using a service that carries voice over data instead of the usual voice call network. This will help prevent your calls from being intercepted. Messaging services including WhatsApp and many others allow secure voice communications.
For text messages, you are better off using messaging apps that offer what is called “end-to-end encryption”. This ensures that your messages are secured from the time they’re sent to the moment they’re received. Examples include WhatsApp (which recently implemented end-to-end encryption), Apple’s iMessage or the many others available out there.
Dealing with location tracking can be a bit challenging as your location could be tracked at any moment as long as you are connected to the mobile phone network even if your GPS is turned off. The only way to evade it is to turn off your connection to the mobile phone network and rely on Wi-Fi instead. Although an unwavering hacker could still track your IP or hardware address.
The most important takeaway is to realise that pretty much anything can be hacked; having that understanding and adjusting your routine may help, especially when security and privacy is at stake. The mobile phone network is by design not secure and will probably never be. There may be some improvements in the future, but that may not deter a determined adversary. If you are seriously concerned about the security of your communication, it’s best not to send them over a communications system of any sort.Amakiri Welekwe holds a master’s degree in Network Systems and works as an information technology and cyber security specialist. He regularly writes about contemporary issues in IT and cyber security.