IN BRIEF
The famous ‘60 Minutes’ television show shocked some viewers Sunday evening when ateam of German hackers demonstrated how they spied on an iPhone used by U.S. Congressman, then recorded his phone calls and tracked his movement through LosAngeles.
Hackers leverage a security flaw in SS7 (Signalling System Seven) protocol that allowshackers to track phone locations, listen in on calls and text messages.
The global telecom network SS7 is still vulnerable to several security flaws that could let hackers andspy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale, despite the most advanced encryption used by cellular networks.
All one need is the target's phone number to track him/her anywhere on the planet and eveneavesdrop on the conversations.
SS7 or Signalling System Number 7 is a telephony signaling protocol used by more than 800telecommunication operators around the world to exchange information with one another, cross-carrier billing, enabling roaming, and other features.
Hackers Spied on US Congressman's Smartphone
With US Congressman Ted Lieu's permission for a piece broadcast Sunday night by 60 Minutes, Karsten Nohl of German Security Research Labs was able to intercept his iPhone, record phone call made from his phone to a reporter, and track his precise location in real-time.
During the phone call about the cell phone network hacking, Lieu said: "First, it's really creepy, and second, it makes me angry."
"Last year, the President of the United States called me on my phone, and we discussed some issues," he added. "So if hackers were listening in, they'd know that phone conversation, and that is immensely troubling."
What's more awful is that the designing flaws in SS7 have been in circulation since 2014, when the same German researchers' team alerted the world to it. Some flaws were patched, but few apparently remain or intentionally left, as some observers argue, for governments to snoop on its targets.
The major problem with SS7 is that if any one of the telecom operators is hacked or employs a rogue admin, a large scale of information, including voice calls, text messages, billing information, relaying metadata and subscriber data, is wide open to interception.
The weakness affects all phones, whether it's iOS, Android, or whatever, and is a major security issue. Although the network operators are unwilling or unable to patch the hole, there is little the smartphone users can do.
How Can You Avoid this Hack?
The best mitigation is to use communication apps – that offers "end-to-end encryption" to encrypt your data before it leaves your smartphone – over your phone's standard calling feature.
Lieu, who sits on House subcommittees for information technology and national security, also argues for Strong Encryption that, according to the Federal Bureau of Investigation (FBI), make itharder to solve crimes.
Lieu strongly criticized the United States agencies, if any, that may have ignored such serious vulnerabilities that affect Billions of cellular customers.
"The people who knew about this flaw [or flaws] should be fired," Lieu said on the show. "You can't have 300-some Million Americans—and really, right, the global citizenry — be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data."
Few of such apps that are popular and offers end-to-end encryption are Signal, WhatsApp, and Apple's iMessage service that keep users communications safe from prying eyes and ears.
