Recently Germany-based security firm Karsten Nohl of Security Research Labs and a team of hackers highlighted how digital criminals can exploit mobile phones using a flaw in a global mobile network called Signalling System Seven (SS7) – a little-known, but an essential network that connects mobile phone carriers across the globe in an interview of 60 minutes.
Germany security expert says hacking into a smartphone is much easier than one would think giving digital thieves the ability to potentially track a person’s calls, texts and whereabouts. To demonstrate their findings, a team of experts spied on a phone used by US Congressman Ted Lieu from California, a member of the House Oversight and Reform Subcommittee on Information Technology, who agreed to use an off-the-shelf iPhone knowing it would be hacked.
Using the congressman’s phone number, Nohl, who has a doctorate in computer engineering from the University of Virginia, was able to exploit that flaw to intercept and record calls, view his contacts, read his texts and even track his movements.
“Any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network,” said Nohl.
They also automatically logged the number of every phone that called Congressman Lieu as well. Lieu said this list, in a typical congressman’s phone, could include other members of Congress and elected officials.
“First, it’s really creepy. And second, it makes me angry,” said Lieu. “They could hear any call of pretty much anyone who has a smartphone. It could be stock trades you want someone to execute. It could be calls with a bank. Last year, the president of the United States called me on my cellphone. And we discussed some issues. So if the hackers were listening in, they would know that phone conversation. And that’s immensely troubling.”
A significant risk to political leaders, business executives and high-ranking officials whose private phone conversations could fetch a high price in the Dark Web, Nohl says the SS7 flaw is actually an open secret among the world’s intelligence agencies. He also notes that the key flaw lies in the mobile network itself.
“Mobile networks are the only place in which the problem can be solved,” said Nohl. “There is no global policing of SS7. Each mobile network has to move — to protect their customers on their networks. And that is hard.” According to Nohl, all phones are the same and no one phone is more secure than the other.
Hacker and co-founder of the mobile security company Lookout, John Hering, also assembled a group of ace hackers in a hotel room with the 60 Minutes team. The group of hackers who were in Las Vegas for Defcon – one of the largest hacker conferences in the world – try to identify security vulnerabilities in order to protect the public.