Security bugs in mobile networks exposed
16 October 2015, Nirapad News: Mobile networks around the world have been penetrated by criminals and governments via bugs in the code that keeps them running, research suggests.
The bugs could be abused to carry out large-scale fraud and unlawful surveillance, security company Adaptive Mobile said, the BBC reports.
It found evidence of compromise in most of the 75 networks it studied.
The study builds on work by other security researchers who warned about loopholes in core network code.
“There’s varying rates of activity in every operator we have worked with,” said Cathal McDaid, head of Adaptive Mobile’s threat intelligence unit, which carried out the research.
“They are all being hit by this to one extent or another.”
The security holes have been found in a technology known as Signaling System 7 (SS7), which helps to interconnect mobile networks across the globe.
“The SS7 technology is a huge pervasive network that spans the world,” said McDaid.
“More people use it on a daily basis than use the internet.”
The research was prompted by work on SS7 by other security experts who, in a series of separate projects, identified potential problems in the way that it had been implemented on many mobile networks,
“We’ve found that this is not just theoretical, this activity is ongoing,” McDaid said.
By abusing the SS7 security bugs, cyber-thieves have been able to defraud mobile operators by tricking billing systems into giving them cheap calls and roaming.
The loopholes have also been used to track people closely, home in on their handset and tap into calls and messages.
In some cases, said McDaid, governments had been found to be abusing the vulnerabilities to carry out unlawful surveillance of targets in other nations.