Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Data Security / Mobiles Hacked with Phone Numbers
Hackers Can Listen To Calls Knowing Only Your Phone Number
Hackers Can Listen To Calls Knowing Only Your Phone Number
By Shirley Siluk / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Last night's "60 Minutes" broadcast on CBS showed how a team of hackers in Germany was able hack a U.S. Congressman's cellphone, listen to his calls and track his movements with his mobile phone number.

The Berlin-based team is made up of white-hat hackers who look for computer and device vulnerabilities so they can be fixed. They were able to access a test phone provided to U.S. Rep. Ted Lieu of California by using the global phone carrier network called Signaling System Seven (SS7).

However, critics of the 60 Minutes report said the SS7 network is not one that most hackers have access to, meaning the vulnerability is not one most people need to be concerned about. They also said the SS7 vulnerability is not a new discovery or development.

Individual Security Settings Have 'No Influence'

During last night's broadcast, Sharyn Alfonsi reported that German hacker Karsten Nohl and his team at Security Research Labs had legal permission from several phone carriers to access the SS7 network for their vulnerability research. "[T]he carriers wanted Nohl to test the network's vulnerability to attack," the report stated. "That's because criminals have proven they can get into SS7."

Nohl demonstrated how his team was able to listen in on Lieu's phone calls and even track his movements through the device's GPS chip. He noted the SS7 vulnerability isn't one that individual device owners can control through their security settings.

"[A]ny choices that a congressman could've made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network," Nohl told 60 Minutes. "That of course, is not controlled by any one customer."

Hoping Media Attention Leads to Fix

Following last night's broadcast, some users on Reddit offered some criticisms about the implied risks. "To be able to take advantage of SS7, you have to have equipment that talks SS7 (either a simulator or a telephone switch), and convince other telephone companies that you are a telephone company, and get them to link and peer with you," Redditor isakmp wrote.

Another user wrote, "SS7 switches are both fewer in number and much more protected than even the switches that are routing core traffic for the Internet. This article is kind of like saying this . . . 'Look at how easy it is to steal the gold from Ft. Knox,' and then revealing that in order for this gold stealing 'hack' to take place all the doors were unlocked and the facility left unmanned."

In late 2014, the Washington Post reported that Nohl and another German security researcher, Tobias Engel, each discovered the SS7 vulnerabilities earlier that year.

"The researchers did not find evidence that their latest discoveries, which allow for the interception of calls and texts, have been marketed to governments on a widespread basis," the Post noted at that time. "But vulnerabilities publicly reported by security researchers often turn out to be tools long used by secretive intelligence services, such as the National Security Agency or Britain's GCHQ, but not revealed to the public."

Earlier today, hacker/security researcher Dino Dai Zovi noted in a tweet that Nohl "described that each carrier had to fix [the vulnerability] on *their* network individually. Consumers can't do anything to fix it." In another tweet, he added, "Maybe with nat'l media and congressional attn, those responsible for vuln will fix it."

Tell Us What You Think


Posted: 2016-04-23 @ 9:11am PT
The issue is so wide spread and "everyone does it" so people that know just turn a blind eye and hope it isn't them. I'm guessing NSA and other intel agencies don't want to see this fixed if it is this easy.

Posted: 2016-04-19 @ 12:48am PT
sounds like CBS were desperate for a non-story ..

Like Us on FacebookFollow Us on Twitter

Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.