Israeli Firm Says They Can Use SS7 to Bug Any GSM Phone

Anatoly Hurgin, CEO and co-founder of Israeli firm Ability Inc, has given an interview to Forbes magazine where he claims his business can spy on the location, calls and texts of any GSM phone. According to Hurgin, all he needs is the telephone number or IMSI, and he can then spy on the phone no matter where it is located in the world. Ability says it will charge customers between USD5mn and USD20mn, depending on the number of targets to be monitored, for use of their Unlimited Interception System (ULIN) (logo photographed above). ULIN has not been sold to many customers yet, but spying is a booming business, and if this technology works it is only a matter of time before the revenues will start flowing. You can read the full article here, and I recommend you do!

Hurgin’s methods exploit weaknesses in SS7 security that have previously been explained by white hat hackers like Karsten Nohl. However, this is the first time I have heard of a business offering a spying service like this without needing the explicit involvement of a supporting telco. Perhaps Ability has a deal with a partner telco that currently remains in the shadows. However, that makes me wonder at the wisdom of any telco CEO who instigates a surveillance arms race with every other telco in the world. Or maybe Ability has made the investment to hack SS7 so ULIN can work without needing the assistance of a genuine telco. That would be a scary precedent, though hopefully it would only encourage telcos to speed their investment in SS7 firewalls. In the Forbes interview Hurgin dismissed the suggestion that SS7 firewalls would kill his business model before it gets any traction; he believes telcos will be too slow and too reluctant to invest in SS7 firewalls. Based on my own experience of telcos, he may be right.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.