WhatsApp recently announced encryption for all its 1 billion users. All the messages, phone calls, photos, and videos sent over the messaging app are now encrypted end-to-end. While the services like WhatsApp offer encryption, security researchers warn that hackers can easily gain access to encrypted communications using SMS messages without having to actually break the app's encryption.
SS7 vulnerabilities render encryption pointless
We may be thinking that our communications on encrypted services are to remain private, forever. It was also assumed that even the intelligence agencies won't be able to crack into the encrypted communications. While tech companies may lead the industry to encryption, a protocol designed in 1970s is here to bite the biggies of the tech world, and ultimately the end users.
Several online services now offer two-factor authentication, enabling a user to get a code in an SMS to gain access to their account. By using the loopholes in the notorious Signalling System 7 (SS7) protocol, hackers can easily impersonate and intercept SMS messages, gaining access to user accounts, regardless of them being encrypted.
"Telecommunications signalling for all services like – voice, text, etc., travel across the SS7 network. Chat applications such as WhatsApp, Telegram, and others use SMS verification based on text messages using SS7 signalling to verify identity of users/numbers. The issue is that, as an attacker, access to the SS7 network can easily be purchased, the only negotiation being on the price paid," - Alex Mathews, technical manager EMEA of Positive Technologies explained.
SMS authentication is one of the major security mechanisms for services like WhatsApp, Viber, Telegram, Facebook, and is also part of second factor authentication for Google accounts, etc. Devices and applications send SMS messages via the SS7 network to verify identity, and an attacker can easily intercept these and assume identity of the legitimate user. Having done so, the attacker can read and write messages as if they are the intended recipient.
The attack is not specific to WhatsApp, Telegram or messaging services, as it can be used for any apps that rely on SMS verification for user identification.
SS7 flaws continue to be exposed
Vulnerabilities in the SS7 mobile signalling protocol have long been reported and tested. We have seen several cases where the exploits have been abused. However, it was believed that only the law enforcement agencies and large hacking groups had access to these exploits. Last month, giving a demo of the exploit, German hacker Karsten Nohl said, "The ability to intercept cellphone calls through the SS7 network is an open secret among the world’s intelligence agencies - including ours - and they don’t necessarily want that hole plugged."
Turns out, the exploits are available to anyone for the right price and the hack doesn't need any high-end, sophisticated equipment too. Using a Linux-based computer and a publicly available SDK for generating SS7 packets, the security researchers demonstrated how to circumvent encrypted apps. SS7 exploits have been used to track a mobile subscriber's location, listen to their calls, intercept SMS, and redirect voice calls, among other attacks.
The SS7 signalling technology was developed in 1970s and is yet to be improved or revised, Positive Technologies said. Since the exploits are useful to the intelligence agencies, we won't be seeing any revisions any time soon. However, as Mathews warns "users of these services need to understand that private conversations are unlikely to be private."