Slashdot Mirror

← Back to Stories (view on slashdot.org)

Your Phone Number Is All a Hacker Needs To Read Texts, Listen To Calls and Track You (theguardian.com)

Posted by msmash on from the challenge-for-the-day:-act-surprised dept.

Samuel Gibbs, reporting for The Guardian: Hackers have again demonstrated that no matter how many security precautions someone takes, all a hacker needs to track their location and snoop on their phone calls and texts is their phone number. The hack, first demonstrated by German security researcher Karsten Nohl in 2014 at a hacker convention in Hamburg, has been shown to still be active by Nohl over a year later for CBS's 60 Minutes. The hack uses the network interchange service called Signalling System No. 7 (SS7), also known as C7 in the UK or CCSS7 in the US, which acts as a broker between mobile phone networks. When calls or text messages are made across networks SS7 handles details such as number translation, SMS transfer, billing and other back-end duties that connect one network or caller to another. By hacking into or otherwise gaining access to the SS7 system, an attacker can track a person's location based on mobile phone mast triangulation, read their sent and received text messages, and log, record and listen into their phone calls, simply by using their phone number as an identifier.Also from the report, "60 Minutes contacted the cellular phone trade association to ask about attacks on the SS7 network. They acknowledged there have been reports of security breaches abroad, but assured us that all U.S. cellphone networks were secure." Update: 04/18 16:51 GMT by M :Reader blottsie writes: U.S. Rep. Ted Lieu (D-Cali.) on Monday called for a full congressional investigation into the aforementioned widespread flaw in global phone networks.

7 of 98 comments (clear)

  1. Soooo.... by John+Napkintosh · · Score: 5, Insightful

    All they need is your phone number and access to the SS7 system.

    --

    Long signatures suck.
    1. Re:Soooo.... by Anonymous Coward · · Score: 2, Insightful

      But GP's point is well taken. A hacker who is tapped into SS7 can eavesdrop on any conversation or texting. The "Your Phone Number" part is a minor point.

    2. Re:Soooo.... by konohitowa · · Score: 3, Insightful

      Karsten Nohl and his team were legally granted access to SS7 by several international cellphone carriers. In exchange, the carriers wanted Nohl to test the network's vulnerability to attack. That's because criminals have proven they can get into SS7.

      http://www.cbsnews.com/news/60-minutes-hacking-your-phone/

      But yeah, totally available from a number of websites for a buck. It was just easier to get the carriers to give him access since he didn't actually have a dollar handy.

    3. Re:Soooo.... by Locke2005 · · Score: 3, Insightful

      No, it was LEGALLY easier to get the carriers to give them permission, otherwise they would be subject to arrest with they published their findings.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    4. Re:Soooo.... by Junta · · Score: 3, Insightful

      The point being that the access to SS7 is the story, *not* something about the phone device itself or something inherent to your phone number. The headline put out there in the media is focusing attention in the wrong direction.

      --
      XML is like violence. If it doesn't solve the problem, use more.
  2. Uh duh by 110010001000 · · Score: 4, Insightful

    If you have access to the cell phone companies network, you can do what the cell phone companies do. Next on 60 Minutes: if a thief steals your car, he can drive it anywhere he wants to! Tune in at 11 for more SHOCKING details.

  3. Re:No need to panic, the US is safe. by Anonymous Coward · · Score: 5, Insightful

    With apologies to Arthur C. Clarke:

    When a distinguished but elderly computer scientist states that something is not secure he is almost certainly right. When he states that something is secure, he is very probably wrong.