We have already mentioned the insecurity of the today’s most popular communication services, such as Skype, WhatsApp, Viber, etc. Unfortunately, the situation with SMS is not any better. In this article we will talk about the reasons and methods of intercepting text messages.
Technical Background: Programmed in 1970s
The system of Short Message Service (SMS) works on the basis of SS7 protocol (Signaling System No.7) which was programmed in the late 1970s. In plain English this is a generally accepted standard, which means network elements exchange information over a digital signaling network. Among others, SS7 is responsible for setting up the connection, billing, call forwarding, wireless and landline call service, roaming, etc. To put even simpler, there are two types of traffic in telephone networks: a subscriber’s traffic and support traffic, and SS7 is in fact support traffic.
In early 2000s the extension to the SS7 was added, called Sigtran. It was aimed at adapting VoIP networks to the traditional telephone network. This meant that it allowed to commands to pass through IP-networks. Was this an improvement of the old scheme? Not likely.
Since its start, the SMS was hardly ever improved as it should have been. The SS7 protocol was declared a highly vulnerable one. Actually, its vulnerabilities have been publicized regularly starting from around 2007 and nothing has been done to fix the problems.
Hacking SS7: Easy as Pie, Signal Traffic Isn’t Encoded
You would laugh, but SS7 has no protection at all: signal traffic isn’t encoded, and it is impossible to distinguish between legitimate commands and fake ones. The equipment will fulfill all commands, no matter their source.
The reason is simple. The signal channel is physically separated from the voice channel, and it was widely believed 40 years ago that no third party had access to it except for the telephone station staff. Except for the fact that there was no reason for doing it, except the connection commands and similar, nothing interesting was passed.
Equipment for SMS Interception Available
It’s possible for someone to use specific equipment that allows them to monitor cell phone towers known as a multi-channel passive SMS interception system. It is a compact portable box, which can listen to all available GSM channels, track targets using silent SMS, and record received data on the external storage. This device can be used over a remote desktop.
As an example, with one of these systems you will receive a special phone as part of the system, with the two applications: one for sending a specific silent SMS to the target, and the second for providing the information on the networks and BTSs around you.
The example system is able to intercept from one to sixteen cell phones simultaneously, recording the intercepted data onto the PC for the further decipher. Its capability is up to 10 km in direct visibility and up to 500 m in city conditions.
…Or Save Money If You Have Technical Knowledge
With the Sigtran and passing data through IP-channels, access to the signal channel became much easier to attain from the outside. You won’t be able to enter any network of any operator from your PC because you need an SS7-hub. The bad news is that you can get this hub quite easily on the black market. There, anyone with knowledge of where to look can find multiple offers on hub connecters. The location of the hub isn’t essential because one can send and receive commands in the network of any world operator. Using the SS7-hub means that your SMS are easily intercepted, moreover, these hubs can be used to find out your location and Intercept your calls.
Because of the SS7 vulnerabilities even the average hacker is able to intercept SMS and calls with no specific equipment needed. First of all, a hacker can connect to SS7 by means of specific software and finds out the IMSI otherwise known as the personal number of every mobile subscriber. It carries with it the country code, operator code, and inner unique SIM-card code. Additionally, a hacker receives MSC/VLR parameters (calls and locations commutator), and because of this a subscriber has access to the network.
Using this information, hacker forwards the subscriber to the “fake” network, cheating the home network. Home network sees subscriber as if he/she is roaming. In reality, the “fake” network is now serving the subscriber, as well as the hacker, using specific software, intercepts SMS, listens to calls, and tracks location without the subscriber realizing it.
Vulnerabilities Can Hardly Be Overcome
It’s important to note that if the operator blocks the commands it will negatively affect the roaming and international connection. This is why it is hard to protect the network from these kind of attacks.
So neither a single operator nor even big corporation can protect their mobile subscribers from attacks. To be honest, the problem is global, and all the system vulnerabilities can be fixed only in accordance with the common agreement between all operators worldwide. Which, as you may guess, is going to be very hard to accomplish.
Cheap Alternative: Programs for SMS Interception
Actually, you don’t even need basic technical knowledge to intercept one’s SMS. The only thing you need is to hold a target phone in your hands for several minutes. Just google what needs to be done, and you will find a huge number of programs like “SMS Tracker”, “SMS Spy”, etc. For example, Google Play offers a dozen of free programs for SMS tracking.
By the way, really good spy programs offer a full list of spying features: from listening to your calls to reading all your text messages, including Skype, Viber, FB Messenger, and others. In addition, they track your location, watch your Internet activity, have access to your calendar, notes, and other apps. Sounds frightening, right? Moreover, you would never guess your phone had been hacked because these programs are undetectable for an ordinary user. We have investigated this topic in the article Spies Everywhere: How Anyone Can See Your Conversations in Messengers.
Conclusion
Intercepting SMS is the easiest way to find out your secrets, since the old-fashioned and insecure basic software allows too many people to get into your phone. So, today one doesn’t need to install a bug into one’s phone, or hide a camera in one’s cabinet. For a small price and minimal efforts any business competitor, jealous spouse, paranoid boss will be able to intercept your SMS and calls. Although, it’s better to use messengers like Skype, WhatsApp, Viber, etc., than to send SMS, they are insecure as well. (For more information please read our article Spies Everywhere). The best option is to look for the secure communication solutions.
References:
http://searchnetworking.techtarget.com/definition/Signaling-System-7
https://en.wikipedia.org/wiki/SIGTRAN
https://blog.kaspersky.ru/hacking-cellular-networks/9862/
https://play.google.com/store/apps/details?id=com.gizmoquip.smstracker
https://www.ptsecurity.com/upload/ptcom/SS7_WP_A4.ENG.0036.01.DEC.28.2014.pdf
http://www.onetech.com.tw/?144,otp-cn16-multi-channel-passive-sms-interception-system