Why operators need to mitigate against the rising crop of ‘access broker’ spy firms


Guest author

October 4, 2023


Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece John Hughes, Senior Vice President and Head of Enea AdaptiveMobile Security, analyses some contemporary security threats telcos should be aware of.

The surveillance landscape has evolved dramatically since whistle-blower Edward Snowden leaked evidence that the USA and its ‘Five Eyes’ intelligence allies were responsible for a surveillance dragnet spanning the globe.

If that wasn’t alarming enough, now, with more than 8.58 billion mobile subscriptions in use worldwide in 2022, according to the ITU, it is not just governments building these over-reaching programs – but a growing number of private sector contractors and hackers, who have exploited loopholes in the global mobile communication infrastructure to create a new mobile surveillance industry, selling their capabilities to governments and individuals alike. In effect, this extends surveillance capabilities beyond intelligence agencies to anyone who can afford them.

A recent report by investigative media consortium Lighthouse Reports found that one dealer based in Basel, Switzerland has become instrumental in providing surveillance systems to customers who go on to offer their own geo-location tracking and spy services, as well as enabling the interception of SMS messages and account hijackings.

These surveillance systems have a long tail, and according to the report have found their way into the activities of Israeli disinformation group Team Jorge, a notorious hacking unit that has previously hijacked email, Telegram, and other web accounts.

This is a national security threat, too, not just a threat to individuals: countries without signalling protection in place are at risk of election interference by threat actors. Signalling attacks, which differ from traditional spyware that targets devices and operating systems because they use the network to track the location of targets, have been used to target persons of interest at the highest levels, such as when a senior strategist linked to Kenya’s president William Ruto revealed that his Telegram had been compromised. Meanwhile, the HiddenArt threat actor uses signalling attacks and the SS7 protocols to track Russian political dissidents. Just like how ransomware is now available for sale on the dark web, ‘access brokers’ offer signalling attacks as a service – and sometimes out in the open.

It is weaknesses in the SS7 signalling set of communication protocols, dating back to the 1970s, that make weaponizing mobile networks into geo-location tracking services possible. Despite its age, SS7 is still a critical part of mobile communication, enabling SMS plus controlling how phone calls are routed and billed. It was at the Chaos Communication Congress event in 2014 when researchers first publicly demonstrated just how devastating SS7 attacks could be, and while measures have been introduced to mitigate them somewhat – such as when bodies like the GSMA established network monitoring services – the vulnerabilities remain an issue.

These communications vulnerabilities have also been linked to the capture of IMSIs, or private user identifiers. However, other data in the investigation revealed ‘active’ capabilities such as intercepting message content, which can be used to intercept two-factor authentication security messages in order to access personal accounts.

As mobile devices proliferate, smartphones have become increasingly appetising targets for surveillance. Perhaps most infamously, Israel’s NSO Group has made its Pegasus software available to a whole range of government customers, and although on paper the software is intended to be used only against criminals or terrorists, in practice, say critics, the spyware has been used by governments to spy on dissenting voices or political opponents.

As Member of the European Parliament Sophie in ’t Veld is on the record saying, the fact that core mobile infrastructure can be exploited in this way suggests the need for improved regulatory enforcement and should bring about a renewed focus on shutting down loopholes across telco networks. “Telecom providers must make sure that they cannot be abused as a kind of highway for spies,” in ’t Veld was quoted as saying.

Change is coming. Earlier this year, Rowland Corr, Vice President of Government Relations at Enea, was one of several industry experts invited to share his expertise on signalling attacks with the EU PEGA Committee. Corr highlighted the wider threat of unauthorized intrusions beyond the use of spyware, which pose the same fundamental societal threats. In June, the EU’s PEGA Committee adopted 8 recommendations on telecom networks.

But it is also a mistake to assume that risks largely lie in older sets of protocols, such as SS7, although these must be given closer attention – indeed, even more recent generations like 4G and 5G have their issues, often because they interconnect with prior generations and the vulnerabilities in those.

There may be a case that signalling security deserves to sit in its own specially designated category; although signalling is generally grouped under the wide umbrella of cyber security, the technologies and expertise needed to tackle it are completely different from those of more traditional cyber security.

In such a complex global network with so many actors and stakeholders, the only way forward is a united approach between operators and regulators to protect inter-network traffic and take stronger steps to interrogate internal threats. Operators must be honest about these security risks, and work to educate their customer base about mitigating against them.

 

Having spent 16 years in a number of leadership roles at Enea AdaptiveMobile Security, John is now our SVP of Security. John possesses in-depth industry and customer knowledge, with a proven track record of delivering first-class software and intelligence services. His proximity to the telecoms and cybersecurity industries means he is well placed to deliver unique telecoms and mobile security insights and recommendations.

 
