Here’s How You Can Defeat SS7-based Surveillance of Phone Calls and Texts


Security flaws in the global telecommunications system enable relatively unsophisticated hackers to listen in on your phone calls and read your texts, German security researchers revealed last week.

One flaw lets hackers route individual phone calls to themselves before forwarding them on to the recipient, two researchers told the Washington Post newspaper last week, while another flaw lets hackers collect all of the wireless calls and texts in a particular geographic area. As described in the widely circulated interview, the flaws are features of the long-used SS7 (Signaling System No. 7) system used by telecom carriers to manage communications transmissions.

The flaws, which have been around for nearly 3 decades, are “really not much of a surprise” to Christoph Erdmann, Chief Technology Officer of Secusmart, an anti-surveillance vendor that BlackBerry acquired last week.

And the widespread encryption used by 3G and 4G cellular technologies such as GSM, CDMA and LTE does not protect against hackers intercepting and listening in on mobile calls or reading texts.

“These disclosures have once more underpinned the fact that a system is only as secure as its weakest link,” says Erdmann, who is now Senior Vice-President of BlackBerry’s Secure Voice division. “In this case, the discovered vulnerability of SS7 undermines the privacy of billions of phone calls made every day via the global communications networks.”

Deutsche Telekom has said it is trying to step up to mitigate the problem as much as possible. But it’s unclear how much effect a single carrier can have, either for its own customers or for others, due to the sprawling, interconnected nature of the worldwide network.

“The dilemma with this is that those systems are hard to replace as they are globally connected while at the same time the technology for attacking those systems, as demonstrated by the German researchers, becomes cheaper every day,” says Erdmann.

What Enterprises Can Do

Organizations can and should go ahead and protect themselves, however. They should seek a communications service or solution that offers end-to-end encryption and authentication, says Erdmann. These over-the-top (OTT) services, so-called because they transmit over the communication networks of large carriers but not under their control, keep your conversations, messages and e-mails safe from any underlying network vulnerabilities.

Or as Erdmann puts it: “It is the only way to make sure that communication remains trusted and secure between two endpoints even if they are connected via an insecure network.”

Secusmart, which is best known as the encryption provider used by German Chancellor Angela Merkel to keep conversations on her BlackBerry device private, has several secure offerings today. SecuSUITE for Government for BlackBerry 10 devices provides the most complete, rigorous security for secure communications. SecuSUITE for Enterprise is used by both governments and enterprises to provide secure communications on a variety of devices, including iPhones, Android and BlackBerry 10 phones and tablets. Another is a software solution called SecuCALL that is offered via carriers such as Vodafone Germany to enterprise customers.

(As of February 2015, BlackBerry holds 70+ security certifications and approvals from governments.)


Smart IT managers know that there are three very good alternatives to BYOD. But what are the strengths and weaknesses of mobile deployment models such as CYOD, COPE and COBO? And how do you choose what’s best for your organization?

In a webinar on Thursday, May 28th (2015), BlackBerry director of security Alex Manea will be examining all four mobile deployment models and looking at the pros and cons of each.

Webinar attendees will also receive a new 100-page e-book from BlackBerry: The Definitive Guide to Enterprise Mobile Security: Strategies and Tactics for Business and IT Decision-Makers.

Co-edited by Manea and BlackBerry blogger Eric Lai, the e-book offers comprehensive strategies and actionable tips for tech and business managers wrestling with how to manage and deploy devices in a secure, future-proof way.

The webcast will air on Thursday, May 28th at 11:00 AM EDT, and will include a live Q&A with Alex. Register for Alex’s webcast HERE. You can also register for these webinars hosted by BlackBerry security experts:

June 4th: The 8 Keys to Developing a Bullet-Proof Enterprise Mobility Management Strategy, hosted by Nader Henein

June 11th: How to Create a Secure, Boundary-less Enterprise with Mobile Containers and Enterprise File Sync and Share, hosted by Jay Barbour

You can also register and listen to these webinar recordings after they are broadcast.

About Eric Lai

I have written about technology and mobility for Computerworld, ZDNet, Forbes and others. I oversee the blogs and social content here at BlackBerry and continue to track and opine about the latest news and trends in enterprise mobility. Follow me on Twitter (ericylai)
