Not to mention mysteriously emptying bank accounts!
There have been several recent news stories highlighting the susceptibility of mobile phones to hacking. As well as the danger of IMSI catchers, there are vulnerabilities within the SS7 protocol – which we’ve talked about previously in our blog post, What’s up with WhatsApp? https://www.armourcomms.com/whats-up-with-whatsapp/#more-1233
El Reg recently ran a story about how Ukrainian soldiers are being bombarded with propaganda texts. The use of a fake base station or IMSI catcher mounted on a drone is suspected because the attacks are highly localised, the texts arrive when the phone is showing no reception and they leave no trace on carrier networks.
Back in January, customers of European banks had their bank accounts drained in a quite sophisticated attack. Hackers first infected the banks with Trojan malware to steal login details of customers and view account balances. Then they exploited SS7 to intercept the one-off verification codes for transactions that are sent by SMS.
SS7 is the protocol used by telcos to enable mobile phones to connect to other networks and, for example, to share or swap billing information. SS7 was designed 40 years ago, when mobile phone hacking was thought extremely unlikely and you would need to be a telco to do it. Nowadays practically anyone can set up as a telco, which opens up a whole world of opportunities for those with malicious intent.
These two separate stories show the dangers of mobile phone hacking and its increasingly pervasive nature. It’s a wake-up call for all of us to take the security of the ultimate endpoint – the mobile phone – extremely seriously.