Are Your Cell Phone Calls, Texts and Data Usage Being Monitored by Cyber Criminals?
Much has been made of data security in recent years. And as new reports detailing the rise of cybercrime, and the numerous ways thieves can obtain and abuse the public’s private information, continue to escalate, the attention the topic has garnered is warranted.
One of the lesser known ways Americans are currently being targeted is through their cell phones. According to a recent article from the Washington Post, the DoH has received reports that:
“nefarious actors may have exploited” global cellular networks “to target the communications of American citizens.”
In this blog, we’ll discuss how exactly cyber criminals are able to access your private cell phone information and what you can do to protect yourself.
How Thieves Acquire Personal Cell Phone Data
Signaling System 7 (SS7) is a telecommunications system dating back to the 1970’s that allowed telephone companies to exchange information and properly route calls. Today, cell phone carriers utilize the network in order to provide service to customers travelling outside their network.
Unfortunately, SS7 is not secure. Hackers and thieves can quite easily assume the identity of a cell phone carrier and make inquiries into subscriber’s personal information through the network. And it seems that American citizens are their favorite targets.
The details that they’re able to monitor and steal include physical location information as well as actual texts, calls and data usage. Perhaps even more unsettling, it’s been confirmed that cyber criminals have also been able to exploit the SS7 network and steal money directly out of people’s bank accounts.
Banks traditionally protect their customer’s accounts through the use of two-factor authentication codes. But savvy hackers have found a way to game the system. Here’s how:
- First, they obtain account passwords, cell numbers and account balance information through the use of typical bank-fraud Trojans.
- Next, they assume the identity of a telecom provider and use SS7 to redirect any text messages sent from the bank to a customer containing one time codes or passwords.
- Once in possession of the real account holder’s bank password and one-time code, the thieves simply have to login and transfer money to their own bank account.
This terrifying scenario has been confirmed by Germany’s Telefonica to be an actual practice used by cyber criminals. But is there a way to combat these techniques?
What You Can Do to Protect Yourself
It’s worth mentioning that, while the SS7 system does have several severe security shortcomings, the likelihood of your personal information being stolen and exploited is relatively low.
It’s also important to note that cell phone carriers are aware of the potential for fraud and have begun taking their own steps to prevent future data breaches.
But if even the slightest possibility of thieves monitoring your private details or hacking into your personal financial accounts puts you on edge, we completely understand! So, let’s talk about any potential ways you can protect yourself.
Stay In Network
According to Tobias Engel, a German telecommunications researcher interviewed in the above mentioned Washington Post article, cell phone service providers are much better at protecting their own subscribers.
Meaning that as soon as you enter a different network (such as when you travel both domestically and to foreign countries) your information becomes more vulnerable. So, essentially, one of the easier ways to help prevent against SS7 fraud is to remain in network.
But for many of us, life is about experiences and seizing the moment. For those who enjoy travel, are there any other means of protection? Indeed there are:
Only Use Apps with Encryption
By using communication apps with encryption, you’ll be able to make your phone calls, texts and emails much more difficult to hack.
And while there are different methods of encryption, each works to protect private information through the scrambling of plain-text data, such as a normal text message. The information in question is then deciphered upon reaching its destination using a symmetric key.
The most secure apps will be those that utilize end-to-end encryption, which means that the data sent is only stored at each end point (the user’s devices), not the servers it travels through.
Here are a few different apps and services worth considering for all your protected communication needs:
- Text Messages and Phone Calls: WhatsApp, Signal, Telegram and iMessage (iOS only)
- Emails: NeoCertified, ProtonMail, Mailfence
- Data Usage: Hotspot Shield, BetterNet, SurfEasy
Guard Your Personal Data
The final way you can guard against potential hacks is to judiciously guard your personal data.
This includes taking simple, “common sense” measures; create and use strong passwords or passphrases, and refrain from accessing your bank accounts on public networks. These are open networks that you’ll find at places like your local coffee shop or local library.
It also means you should be very careful about how you send out (or give out) your private details to individuals or businesses: credit card numbers, bank account information, social security numbers, etc. Only give these details out to those who absolutely need them and whom you trust completely.
Lastly, it may be wise to avoid any kind of two-factor authentication via SMS texts when attempting to receive bank account access codes. If your bank provides another option, take it.
Guarding Against Cyber Criminals
Thieves and hackers are never short on ways to exploit innocent people’s private information. And the results of such attacks can be quite devastating. But knowledge of a potential threat is the first defense against it!
Now that you understand the risks that the SS7 system places on your cell phone calls, texts and data usage, you can take the proper steps to protect yourself. We encourage you to do so.
While the likelihood of you becoming a victim of cybercrime may seem small, thousands of people are being taken advantage of every day. We hope you’re not one of them!
Written by Peter J. Schaub
President & CEO, NeoCertified