Cell Phone Network Flaws Can Help Spies Get Around Encryption Apps
Spies and hackers could bypass end-to-end encryption apps by taking over cellphone numbers.
During a recent episode of 60 Minutes, a security researcher in Germany eavesdropped on the cellphone conversations of US congressman Ted Lieu. The researcher didn't need to hack Lieu's phone, or install spyware on it—all he needed was his phone number.
The researcher, Karsten Nohl, was able to spy on Lieu thanks to flaws in a little-known telephone protocol that dates back to the 1970s called Signaling System No. 7, or SS7, which is part of the global telecommunications' networks backbone. In response to this dramatic demonstration, Lieu has called for a congressional investigation into SS7's weaknesses, and to protect his communications he's started using WhatsApp, a chat app that provides end-to-end encryption for calls and messages.
But it turns out that even WhatsApp, chat app Telegram, as well any other app or service that rely on cellphone networks in some capacity, are vulnerable to SS7 attacks because they use text messages to register and activate users.
"Everything that relies on the secrecy of SMS is broken and has been broken ever since SS7 existed," Nohl, who demonstrated how SS7 can be hacked back in 2014, told Motherboard.
"Everything that relies on the secrecy of SMS is broken and has been broken ever since SS7 existed."
SS7 is an administrative data network underlying the one that our calls go through. It's used to make sure your calls and texts are delivered through different networks, and to route them when you're roaming, as well as to do a whole series of other core functions such as calculating billing. As Wired's Kim Zetter explained recently, if you think of cellphone networks as a passenger train system, SS7 is "is the maintenance tunnels workers use rather than the main tunnels through which passenger trains travel."
Researchers from security firm Positive Technologies demonstrated recently that an attacker with access to the SS7 network can take control of the victim's phone number and register to Telegram and WhatsApp pretending to be the victim. This allows the attacker to essentially pretend to be the victim in the eyes of WhatsApp or Telegram, and most importantly, in the eyes of all his or her contacts.
It's important to note that this doesn't mean that hackers or spies can break WhatsApp's encryption, but they can get around it by pretending to be the victim and getting the encrypted messages re-routed to their own cellphone.
These attacks are still mostly theoretical. And it's not trivial to abuse the SS7 network, but the fact that they are possible shows that reliance on cellphone numbers as a way of authenticating users by apps like WhatsApp, Telegram, and many others, can undermine some of their security protections.
As Nohl put it, the cellphone's underlying mobile phone network is "probably the weakest link in our digital protection chain."
In the case of Telegram, researchers from Positive Security not only were able to impersonate the dummy victim, but they also accessed all their chat history. Alex Mathews, a researcher at Positive Technologies, said that getting old messages, rather than impersonating the victim in new chats, is likely the main goal of someone who wants to get access to a victim's Telegram account. (And recently there have been alleged cases of attacks on activists' using Telegram in Russia and Iran.)
The cellphone's underlying mobile phone network is "probably the weakest link in our digital protection chain."
Telegram stores the chat history on its servers, allowing users to access it when they log in from different devices. The ability to chat across devices and see past messages are "core features for tens of millions of our users," according to Telegram's spokesperson Markus Ra.
"Removing them would mean a dramatic downgrade for the larger part of Telegram's audience," Ra told Motherboard in an email. "So as a counter-measure we're beginning to suggest users in countries with the highest risk level for such threats to turn on 2-step verification."
When they tested WhatsApp, the researchers didn't get access to users' chat history, as the app doesn't store it. But they could have still impersonated the victim. (WhatsApp did not respond to a request for comment.)
The main problems in an attack like this one is that the victims really can't do anything to prevent them, according to Nohl.
If you use WhatsApp, you can mitigate the risks of this attack by turning on the "Show Security Notifications" in the security settings.
This way, if one of your contacts gets hacked, you will be notified that his or her "security code" or encryption fingerprint changes. So if that happens, you should check with your friend, using a different communications channel (say, in person, on the phone, or via another secure app) that everything is OK and to verify the new code.
In the case of Telegram, if you're worried about getting hacked or spied on, turn on two-step verification, and use secret chats as much as possible, given that those don't get stored on the server. (It's also worth remembering that Telegram has long been criticized for its security and encryption practices.)
As security expert Martijn Grooten put it on Twitter, the big takeaway from the experiment by Positive Technologies is that "end-to-end encryption is easy, [but] authentication is hard."