Your phone number is all a hacker needs to gain access to your smartphone

2

Hackers have demonstrated how incredibly easy it is for someone to gain access to your call data and text messages – irrespective of how many security measures you have in place.

The hack, which was first exposed for a German TV show in 2014, has been shown to still be possible almost two years later.

The most recent hack came after a team of professional security experts from Berlin based Research Labs were recruited by the popular American current affairs show 60 Minutes.

During the show, the experts explained how alarmingly easy it is for someone to hack into any smartphone with having little more than just the phone number of the target.

They demonstrated this by breaking into the smartphone a US congressman Ted Lieu, who had agreed to use a regular off the shelf iPhone.

One of the security experts, Karsten Nohl is employed by communications companies to help discover security vulnerabilities in software and networks.

He explained by using only the phone number, he was able to pinpoint the location of the congressman and also listen in to conversations he had with his staff. Nohl was also able to record the phone conversations and view contacts, as well as logs of incoming and outgoing calls.

Perhaps most alarmingly of all is that all smartphone users around the world could be potential victims of a similar hack and other than switching off the smartphone completely, there is little that anyone can do to safeguard against it.

Nohl explained that the hack takes place on the network side, rather than on the actual device itself, so it makes little difference of how many security measures the user has put in place.

The technique used by Nohl targets vulnerabilities in the Signalling System No.7 (SS7) network interchange, which kind of acts as a broker before a call is transferred from one network to another.

By hacking into the SS7 system, a hacker can listen to calls and read text messages on mobile phone.

“The mobile network is independent from the little GPS chip in your phone, it knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That, of course, is not controlled by any one customer,” Nohl explained.

Part of the reason why the SS7 network, which is used by every mobile phone network the world over is so vulnerable is because it essentially isn’t governed by by one organisation or nation, in a similar way that no one organisation governs the Internet. This means that policing the SS7 network is difficult.

“The ability to intercept cellphone calls through the SS7 network is an open secret among the world’s intelligence agencies – including ours – and they don’t necessarily want that hole plugged,” Nohl added.

 

 

 

Share.

2 Comments

  1. I love it…

    “Gimme a call.”
    “OK. What’s your phone number?”
    “Sorry. I can’t tell you. If I give it out, someone could hack my phone.”

  2. Just for my intgerest. would it help to keep the tel. call and messages private if the telephone uses encryptions, end-to-end?