Previous articles in this magazine have explored real-life examples highlighting the insecurity of our modern communications infrastructure. Regular readers might remember the anecdote of an impromptu hacking lesson at the Universidad de Buenos Aires in the year 2000, where our teacher simply intercepted a phone call made by one of the students with a small handheld scanner. The same article goes on to describe how I was able to use a software tool called “CaptureNet” to sniff packets on port 1863 (used by MSN Messenger back in the day) and thus secretly read all the exchanges between my work colleagues in 2001.
Scary stuff, but here we are 24 years later, and the telecom trust situation has not improved. If anything, it has gotten worse, and therefore it has become a matter of national security, as shown by this month’s Vidéothèque movie, “Exposing The Flaw In Our Phone System”, narrated and experienced by Derek Muller and Linus Sebastian.
I do not think their respective channels need an introduction, but here it goes anyway: “Veritasium” is the brainchild of Derek Muller, a PhD in physics education, and a prolific science communicator. His channel regularly features science-related videos, with total viewership counts in the billions. A quick review of the most popular videos on Veritasium brings up hallmarks like the 96 million black balls on a reservoir, Derek waterproofing himself with aerogel, the story of the man who accidentally killed the most people in history, or a discussion about parallel worlds.
On the other hand, Linus Sebastian is a Canadian YouTuber hosting “Linus Tech Tips” since 2008, again with millions of subscribers and billions of views, and featuring videos about computer hardware and software.
Following the classic Veritasium style, Derek kicks off his video with a review of historical fragilities in the phone system, including Steve Jobs’ and Steve Wozniak’s attempt to call the Pope while impersonating Henry Kissinger, using a small device of their own creation called “Blue Box”.
Derek then proceeds to explain the current Signalling System No. 7 protocol, or SS7, used by telecommunication companies worldwide to route calls and service information. And here lies the heart of the video: the protocol works like a “walled garden”, where any telecom operator, once given access, can use the network freely, without further checks.
The problem is, not all operators are trustworthy. Actually, getting access to the network is surprisingly simple and cheap, even for an individual!
The case of Sheikha Latifa bint Mohammed Al Maktoum, daughter of the Prime Minister of the United Arab Emirates, is a frightening example of the vulnerability of the SS7 system. She made the headlines in 2018 when her attempted escape to India was thwarted by the intervention of the FBI, who used the geolocation features of the SS7 protocol to pinpoint her location on a boat 50 miles away from the shores of Goa.
Using precisely those same flaws in the SS7 protocol, Derek (with the help of security experts Karsten Nohl and Alexandre De Oliveira) proceeds to “hack” Linus’ smartphone, intercepting calls and SMS messages.
Precisely what I saw with my own eyes in 2000 in that fateful classroom in Buenos Aires.
A bewildered Linus tries to understand what is going on, and at minute 17:30 asks:
So, the most important question I have now then is, what did you need to steal from me, in order to become me? Like, is this something you can social engineer out of my carrier, is this something that, I would need to accidentally leak a screenshot of my IMEI…?
Derek’s response is as lethal as it is short:
At the very simplest, all we need is your phone number. That’s it.
Linus’ face at minute 17:52 and his final reaction say it all:
This is why we can’t have nice things.
To add insult to injury, among the SMS messages that Derek receives on behalf of Linus, there is a two-factor authentication code for Linus’ YouTube channel, providing full administrative access to the contents of one of the most popular channels on the platform.
What can we do to protect ourselves from this threat? Unfortunately, as Derek says, not much.
Karsten Nohl explains that the 5G protocol includes fixes to the well-known flaws of the SS7 system, but the costly (and hence slow) rollout of these capabilities means that the current state of things will most probably remain untouched for a decade, or even longer than that.
You have been warned: lower your expectations of trust, and protect yourself. With a bit of luck, the hack I witnessed in the year 2000 will not be possible anymore in 2045. But let us be honest, I am not holding my breath.
Watch this month’s Vidéothèque movie, “Exposing The Flaw In Our Phone System” by Derek Muller & Linus Sebastian, on YouTube.
In the meantime, you might want to stop using SMS codes for your two-factor authentication, and use time-based one-time passwords instead (sadly, not all online services have watched this month’s Vidéothèque movie). Remember to switch to encrypted messaging apps like Signal to chat with your family, colleagues, and friends as well.
In other words, TL;DR: Please give a shit.
Cover snapshot chosen by the author.