The privacy debate is far from over, even though the infamous FBI vs. Apple case has been officially settled. How safe and protected are we, and do we have a deceptive sense of security when in fact we should be worried?
According to the latest reports, the latter holds more truth, as hackers have demonstrated – yet again – how simple it is to override sophisticated security precautions and eavesdrop on someone simply by getting their phone number.
First proved by German security researcher Karsten Nohl in 2014, the hack made another appearance over a year later for CBS’s 60 Minutes; the American television program showed that it’s still active and still a vulnerability.
The hack exploits the Signalling System No. 7 (SS7), the interchange network service that acts as a broker called between mobile phone networks. When someone makes a call or sends a text across networks, it’s the SS7 that handles the SMS transfer, the number translation, billing and other back-end duties.
If an attacker should gain access to the SS7 system, a phone number as an identifier is enough to track someone’s location, read their sent and received text messages, and record or listen to their phone calls.
Nohl is currently focused on analyzing the vulnerability posed by SS7 for several international mobile phone networks, so he went on the CBS show and demonstrated the hack.
Viewers were surprised to see him track the phone of US Congressman Ted Lieu in California using only its phone number, as Nohl was able to identify Lieu’s movements down to districts within Los Angeles. He could also read his messages and record Lieu’s phone calls with his staff.
The problem here is that consumers can do too little else to safeguard against the snooping other than turning off their smartphone. No matter the phone in question, the attack has the same power because it occurs on the network side.
Nohl made it very clear: “The mobile network is independent of the little GPS chip in your phone, it knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network.”
The SS7 has often been used by hackers, but national security services, including the NSA, are also believed to make use of this system to track target users.
Image Source: Android Authority