Cyber-attacks on mobile phones are dangerous because they exploit the vulnerabilities of the network itself. To stop them, Ofcom needs help from governments and businesses, writes John Hughes
It’s easy to forget the power of the pocket-sized devices we carry with us every day. Our smartphones are our wallets, our identity, and our main communication channel. But a growing group of attackers is acutely aware of how precious all this information is. It’s a one-stop treasure trove of personal data waiting to be stolen, monetised, and weaponised.
Today, there is solid awareness around online security basics like identifying phishing emails and changing passwords. But very few people are aware of the rise of mobile access brokers.
They’re part of a growing surveillance industry, where mobile access is sold to governments, private companies and sometimes criminals. Attackers can precisely track an individual’s location, intercept text messages, and access personal accounts that rely on two-factor authentication.
Unlike traditional cyber-attacks, these attacks don’t rely on users’ naivety. They target weaknesses in the network itself. These ‘access brokers’ exploit vulnerabilities at the core of mobile networks, steal subscriber data, and conduct network reconnaissance to refine their targeting.
The issue lies in communication protocols. These allow mobile networks to ‘talk to each other’, determining how phone calls are routed and billed. The first of these protocols, SS7, dates back to the 1970s. All ensuing protocols, such as Diameter and GTP, must interact and connect with SS7 to ensure SMS delivery and the flow of network data. However, weaknesses in SS7 make it easy for access brokers to weaponise mobile networks into location-tracking services and sell this data to the highest bidder.
Notable high-profile attacks in recent years include the case of fleeing Emirati princess Latifa al-Maktoum, who was kidnapped at sea after attempts to geolocate her through her phone in March 2018. In 2021, the web accounts of several wealthy investors in Southeast Asian countries were hacked via SMS hijacking. Last summer there were several attempts to geolocate Mexican journalist Fredid Román’s phone, a day before he was shot dead.
The UK Telecommunications (Security) Act 2021 is designed to safeguard mobile operators and subscribers, with new responsibilities and powers being handed to Ofcom. The regulator can compel telecom providers to take specific steps around network security and share information with Ofcom to safeguard UK networks.
Yet little attention has been paid anywhere in the Act to mobile access brokers, so Ofcom faces serious hurdles in ensuring operators will properly tackle the issue. Before taking any firm action, it will first need to determine how it can assess operators and their capacity for detecting these kinds of security compromises. At the same time, it will need to establish a framework for accurately reporting threats like unauthorised access, network or service exploits, and data confidentiality compromises, all in line with the new Act.
The government estimates the cost of UK cybercrime to be £27bn per year. Cyber-attacks are also a growing pillar of state espionage and a national security issue. Mobile access brokers have become essential in this space, operating at the frontier of attacker innovation, with hack-for-hire firms offering cutting-edge targeting, tracking, and surveillance capabilities to anyone willing to pay.
Take Andreas Fink, the Swiss telecoms expert. One of Fink’s systems was recently seen as part of the system used by the Israeli hacker-for-hire and disinformation group Team Jorge in its operations, which required access to the global cellular network.
A recent international investigation led by Haaretz revealed that Team Jorge offered mass social-media manipulation, election interference, and even the hijacking of email, Telegram, and web accounts. More than 20 members of the Israeli crypto community also had their Telegram accounts hacked thanks to Fink’s infrastructure.
To step up to its new role as telecoms cybersecurity regulator, Ofcom needs the right resources and support to develop its knowledge and expertise.
But given that the telecoms industry is so interconnected, with each new generation built on top of the previous one, the issue is larger than any one regulator or the UK alone. Organisations must ensure the right signalling protection, through routing and filtering, is in place. Globally, operators and regulators must cooperate closely to identify these vulnerabilities better as they emerge, armed with the latest threat intelligence.