Imagine your every move being spied upon by prying cyber criminals using just your telephone number. Is this possible? Yes, say German security experts!
German security experts from Berlin-based Security Research Labs say it is very easy to spy on anybody by hacking into their smartphone using just their number. To demonstrate their findings, a team of experts spied on a phone used by US Congressman Ted Lieu from California, a member of the House Oversight and Reform Subcommittee on Information Technology, who agreed to use an off-the-shelf iPhone.
The researchers proved their point in an interview with “60 Minutes” correspondent Sharyn Alfonsi. In the show, Karsten Nohl of Security Research Labs and a team of hackers explained how cyber criminals can use a flaw in the global mobile network signalling system called Signalling System Seven (SS7) to hack into virtually any smartphone.
In the show, Nohl used the congressman’s phone number and the SS7 flaw to hack into his smartphone. Once inside, the hackers were able to intercept and record calls, view his contacts, read his texts and even track his movements. They also automatically logged the number of every phone that called Congressman Lieu, which included other members of Congress and elected officials, offering real hackers further targets.
“Any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network,” said Nohl.
“First, it’s really creepy. And second, it makes me angry,” said Lieu. “They could hear any call of pretty much anyone who has a smartphone. It could be stock trades you want someone to execute. It could be calls with a bank. Last year, the president of the United States called me on my cellphone. And we discussed some issues. So if the hackers were listening in, they would know that phone conversation. And that’s immensely troubling.”
The SS7 flaw is not new; we reported it back in August 2015. It is an imperfection in the architecture known as SS7, a signaling system used by more than 800 telecommunication companies across the world. By exploiting it, hackers can listen in to mobile phone conversations, steal information stored on mobile phones, and track the location of the phone’s user.
How does the SS7 flaw work?
The hacker forwards all calls to an online recording device and then re-routes the call back to its intended recipient, a so-called man-in-the-middle attack. The flaw also allows the movements of a mobile phone user to be tracked through other hacking tools. The victim’s location can be tracked through Google Maps.
Nohl says the SS7 flaw is actually an open secret among the world’s intelligence agencies. He also notes that the key flaw lies in the mobile network itself.
“Mobile networks are the only place in which the problem can be solved,” said Nohl. “There is no global policing of SS7. Each mobile network has to move — to protect their customers on their networks. And that is hard.” According to Nohl, all phones are the same and no one phone is more secure than the other.