The American company, called Verint, suggests Skylock service that can track subscriders all over the world, without users or operators knowledge.
On the Internet, there are so many services that can monitor the location of the user, but the case of Verint, perhaps, is one of the first, when such services are offered quite officially and globally.
How can it be? When it comes to mobile surveillance, it is believed that this requires technologies that are used by special services only. In reality, everything is easier. The telecommunication network contains many small systems of different technical level, and the level of the network security is often determined by the level of the weakest link.
The installation of voice calls, which was based on SS7 can be considered as an example. In the 2000s, a specification SIGTRAN, by which SS7 messages were transmitted through IP-based networks, was created. The funny thing is that the new method has left the same gap as SS7. With these omissions, hackers can send, change and intercept sms by SS7protocol, while attacking the mobile networks, as well as their users.
One of the first, who spoke about the SS7 issue, was Tobias Engel, a German specialist, who showed the spy technique on users of cellular communication. Professional scientists have known about this vulnerability back in 2001. Governments from many countries knew about this problem. In 2013 a lot of people were concerned about this problem, after the Snowden‘s announcement and the NSA revelation. Even after these events, the formal proposals from companies like SkyLock, which can help in surveillance of subscribers, became known.
A similar problem affected Ukraine as well. In June, 2014 the state structures reported that a lot of "MTS-Ukraine" subscribers’ conversations were tapped through the server, which might belong to the subsidiary of Russian operator Tele2.
Scientists believe that this phones wiretapping algorithm is a combination of some attacks, which are described in details in the report, called "Vulnerabilities in mobile networks based on SS7».
In this study, experts have implemented the following attacks: the disclosure of subscriber‘s location, the subscriber‘s access restriction, the interception of SMS and conversations, fake USSD-requests and the transference of funds through them, the voice calls redirection, the impaired access to the mobile commuter.
It just goes to show that even the well-known telecom operators are not protected against such attacks. Hackers do not need super-equipment for such actions. During the experiment, the researchers used a node, based on ordinary computer with Linux OS, set SDK to create SS7 packages. Such programs are available in the Internet.
110 Reykjavik, Iceland