Slashdot Mirror
Your Phone Number Is All a Hacker Needs To Read Texts, Listen To Calls and Track You (theguardian.com)
Samuel Gibbs, reporting for The Guardian: Hackers have again demonstrated that no matter how many security precautions someone takes, all a hacker needs to track their location and snoop on their phone calls and texts is their phone number. The hack, first demonstrated by German security researcher Karsten Nohl in 2014 at a hacker convention in Hamburg, has been shown to still be active by Nohl over a year later for CBS's 60 Minutes. The hack uses the network interchange service called Signalling System No. 7 (SS7), also known as C7 in the UK or CCSS7 in the US, which acts as a broker between mobile phone networks. When calls or text messages are made across networks SS7 handles details such as number translation, SMS transfer, billing and other back-end duties that connect one network or caller to another. By hacking into or otherwise gaining access to the SS7 system, an attacker can track a person's location based on mobile phone mast triangulation, read their sent and received text messages, and log, record and listen into their phone calls, simply by using their phone number as an identifier.Also from the report, "60 Minutes contacted the cellular phone trade association to ask about attacks on the SS7 network. They acknowledged there have been reports of security breaches abroad, but assured us that all U.S. cellphone networks were secure." Update: 04/18 16:51 GMT by M :Reader blottsie writes: U.S. Rep. Ted Lieu (D-Cali.) on Monday called for a full congressional investigation into the aforementioned widespread flaw in global phone networks.
All they need is your phone number and access to the SS7 system.
Long signatures suck.
"...but assured us that all U.S. cellphone networks were secure."
Best joke I've heard all day. Right up there with, "Don't worry, it's unloaded!" or "I'm sure he'll stop for us, we have the right of way!"
Just cruising through this digital world at 33 1/3 rpm...
SS7 was the telco's efforts to block MFers using the "blue box"; Switching from in-band signalling to out-of-band signalling.
SS7, however, provides some inter-carrier connectivity to enable roaming between carriers; With an IMSI, the visited network can ask the home network "can I give this IMSI service?"... and a deactivation from the home carrier's network to the visited carrier's switches can turn the phone off (used to suppress roaming fraud).
SS7...wow, that takes me back. I thought it had gone out with the landline. Yeah, SS7 has to know your number, that's kind of the whole point of the system, to be able to set up and tear down the call, and to bill correctly. Out-of-band signalling was the death of the oldschool phone phreak, who depended on being able to send tones down the line to control the call. Good ol' Phrack. And idiotic Phrack writers who didn't know what they were talking about. It's a good thing they didn't have comment sections back then, only a periodic publication. Erik Bloodaxe, Voyager, Sirsyko, and when Mudge wasn't an establishment tool. Netta Gilboa. RBOCs. Dumpster diving behind the phone company's central offices. Good times.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
With apologies to Arthur C. Clarke:
When a distinguished but elderly computer scientist states that something is not secure he is almost certainly right. When he states that something is secure, he is very probably wrong.
No, the encryption is between the phone and base station, not inside SS7 network.