Calls, texts vulnerable to phone network security flaw

A hacker can listen in on your phone calls, read your text messages and see where you are and where you’ve been — and there’s little you can do about it.

The ability to access such personal communications and data is due to a security flaw in the protocols used to connect telephone networks. The flaw, which affects many cell phone networks around the world, makes such information vulnerable regardless of the type of phone a consumer is using.

“Mobile networks are the only place in which this problem can be solved,” Nohl, a German security researcher who helped identify the vulnerability, told CBS’ “60 Minutes” in a segment that aired Sunday night. “Each mobile network has to move– to protect their customers on their networks.”

Other attacks that reveal similar personal information typically require a hacker to have physical access to a consumer’s phone or to persuades a consumer to install malicious software. But with this vulnerability, a hacker need only know a device’s telephone number to gain access to a consumer’s communications and whereabouts.

The vulnerability lies within Signaling System 7 (or SS7), which is a set of protocols used around the world that allows consumers to make international calls, roam from one network to another and send text messages to anyone. The flaw allows a hacker to tap into calls and messages at the carrier, rather than through the phone. Because the carrier knows approximately where each phone is, because of their distance from various cell phone towers, a hacker exploiting the flaw can find consumers’ location even if they have turned off the location feature on their phones.

They only ways consumers can protect themselves from the flaw are to not use a cell phone at all or to only use services such as Signal or WhatsApp that encrypt phone calls or messages end-to-end so that they can’t be understood if they are intercepted.

Nohl and his colleagues first unveiled the flaws in Signaling System 7 (or SS7) protocols at a hacking conference in 2014. He demonstrated on the “60 Minutes” segment that the flaws can still be exploited, including here in the United States.

As a test, “60 Minutes” provided a cell phone to Rep. Ted Lieu, D-Los Angeles. Nohl showed that just by knowing the number of that phone, he and his colleagues were able to record Lieu’s phone conversations and track his location.

Lieu expressed alarm about the hack, noting that he has spoken on the phone with congressional colleagues and President Obama. Even if the flaw is vulnerable to U.S. intelligence agencies, it ought to be closed, he said.

“You cannot have 300-some million Americans– and really, right, the global citizenry be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data,” Lieu told “60 Minutes.” “That is not acceptable.


File photo by AP Photo/M. Spencer Green.


Tags: , , ,


Share this Post