The flaws make use of a vulnerability in SS7, the global network that allows companies to send calls, texts and other services to each other, reports the Washington Post.
The flaws are actually functions that are supposed to be used for other purposes, like keeping calls connected as users as they drive down motorways, that hackers re-purposes to allow access to the calls themselves.
SS7, despite being still key to mobile phone’s functioning, was built in the 1980s and is still riddled with serious vulnerabilities. But because it is the foundation of mobile phone systems, even as company invest billions of pounds into new security and encryption techniques the problems will continue to exist.The network is used worldwide meaning that hackers do not even need to be anywhere near users’ phones to break into them.
They will be reported at a hacker conference in Hamburg later this month. That will mark the first time that the vulnerability will be revealed to the public, but the vulnerability is likely to have been exploited already.
“I doubt we are the first ones in the world who realize how open the SS7 network is,” Engel said.