WhatsApp recently enabled end-to-end security with 256-bit encryption. This encryption is very strong: a single word can take hours and days to decrypt, so imagine trying to decode a sentence or a complete message. The same is true of other highly encrypted messaging platforms such as Telegram. But although these messaging platforms are highly secure, a hacker can still bypass them to intercept your messages. The flaw is not in the messaging app or its services; it is in your telecom operator’s technology.
Signalling System 7, or SS7, is the main culprit. It is the technology used by telecom operators, and the highly secure messaging systems and telephone calls rely on it. SS7 is a set of telephony signalling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.
Several SS7 vulnerabilities that allow cell phone users to be secretly tracked were publicized in 2008. In 2014, the media reported a protocol vulnerability in SS7 by which both government agencies and non-state actors can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%. In addition, eavesdropping is possible by using the protocol to forward calls, and decryption can be facilitated by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded. Researchers created a tool (SnoopSnitch) which can warn when certain SS7 attacks occur against a phone and detect IMSI-catchers.
Currently, SS7 is used by all the world’s cellular carriers, but there is no fix or governing body for them. This is the simplest way that a hacker can gain control of your secure messaging platforms to eavesdrop on your conversations. Check out the demo by a hacker who shows off the telecom’s SS7 flaw to intercept WhatsApp and Telegram and take over the victim’s conversations.
