Security researchers in Germany have reportedly discovered two ways to both capture and decrypt voice and SMS communications that travel over SS7, a set of protocols used by phone systems. The Washington Post
The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.
Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.
The same researchers previously reported that SS7 could be used to track locations. I'm not smart enough to know how easily this vulnerability could be exploited in the real world, but it does make me grateful we have alternatives like FaceTime and iMessage — or whatever secure VoIP and messaging services you prefer. They use their own end-to-end encryption, so can't be understood even if the raw data is captured by either of the two methods described.