How Easy Can Someone Know Where You Are Through Your Phone?

Sat, 10/28/2017 - 17:04

Mobile Network Standard That Affects Us All

Because many of us have smartphones, the target on our backs is bigger than ever. Hackers, even nation states, are targeting smartphones to tap into cameras and microphones, but crucially and most of all, your data including your geo-location data.

The calling protocol that is used for one network to “talk” to another was developed in 1970’s and is called the Signalling System No 7 (SS7). The SS7, also known as Common Channel Signalling System 7 (CCSS7) or Common Channel Interoffice Signaling 7 (CCIS7). It is a set of protocols developed in 1975 that allows the connections of one mobile phone network to another. The protocol was somewhat refined around 2000 with a SIGTRAN specification, which made it IP network environment friendly. This, however, meant that all the weak links on the upper level of SS7 infrastructure were carried over. A hacker accessing the SS7 system can snoop target users, locate them, and transparently forward calls [1], [2], [3].

Short History of Mobile Infrastructure Vulnerability

2001

A Master Thesis from Lennart Ostman of Lulea Tekniska Universitet in 2001 was on "A study of Location-Based Services including design and implementation of an enhanced Friend Finder Client with mapping capabilities" [4]

2008

It was also made public by Tobias Engel during a Chaos Computer Club Congress held in 2008, when Tobias made a live demo of tracking abilities [5].

2013

Edward Snowden revealed how the spying agent was exploiting the weaknesses of SS7 to create a very intelligent and complex series of solutions enabling them to simultaneously track and analyze millions of citizens without their nor carrier’s knowledge or approval [6].

Hacking Tools

1) Ability Unlimited Interception System is to provide extensive surveillance chances to law enforcement [7].

2) SkyLock is a global geo-location solution. It is a real time and independent location finding solution for GSM and UMTS subscribers, which enables operational agencies to retrieve subscriber location information on a global basis, including the case of inbound/outbound roamers and foreign countries [8].

Conclusion - How to Protect Ourselves

Secure phone, secure mobile apps and a watchful mind

Verdict? Abandon illusions of privacy if you still have them.

Or another option is to pay secure smartphones at a price. Sirin Labs' glitzy launch of the US$14,800 Solarin smartphone was attended by Hollywood stars Leonardo DiCaprio and Tom Hardy. Boeing developed the Boeing Black smartphone for its defense and security clients [9].

Many companies have boosted the security around their messaging apps: Apple's iMessage and Facebook's WhatsApp are both now using end-to-end encryption, for example. But encryption can only protect you up to a point: while an app might be secure, that's not much help if you've already been tricked into downloading a piece of malware that's sending screen grabs of your messages or recording your calls. All of which means that if someone really wants to spy on your communications, secure software alone will not be enough to protect you.

An end to end security protection is the key; the user is part of it and needs not be the weakest link if you know what is secure and what not.