Weaknesses in telecommunications security allow criminals or governments to remotely snoop on anyone on the planet using just a phone number, according to a new report by a German security researcher.
Security researcher Karsten Nohl recently demonstrated that a single phone number can be used to read texts, listen to calls, and track the location of a mobile device.
In other words, if a government agency or criminal has your phone number, they can spy on all types of phone data.
The hack was first demonstrated by Nohl in 2014 at a hacker convention in Hamburg. A year later, Nohl demonstrated the hack once again on CBS’s 60 Minutes – showing that the security loophole still hasn’t been closed.
How Does this Hack Work?
This hack uses a network interchange service called Signaling System No. 7 (SS7) also known as C7 in the UK or CCSS7 in the United States.
This interchange service acts as a broker between mobile phone networks. So when you call someone on a Verizon network from your AT&T phone, the interchange service helps to transfer calls or text messages by performing tasks like number translation, SMS transfer, billing, and other back-end duties that allow us to have multiple networks working simultaneously.
Hackers can gain access to this SS7 system (through legitimate access privileges or by hacking into the system). Then, an attacker can track a person’s location by checking the mast triangulation data attached to that phone number.
While they’re in there, they can also listen to phone calls, read send and received text messages, and record ongoing conversations – all without knowing more than a phone number.
The Hack Was Used to Track a Congressman’s Phone
When the hack was demonstrated on 60 minutes, Nohl gave a brand new mobile phone to US congressman Ted Lieu in California.
Then, from his base in Berlin, Nohl was able to pinpoint Lieu’s movements down to a few districts within Los Angeles while also reading his message and recording his phone calls.
All Nohl knew about the phone was the phone number. You don’t need to know the make, model, or other information.
The reason this works is, as Nohl explains, ““The mobile network is independent from the little GPS chip in your phone, it knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That, of course, is not controlled by any one customer.”
The System is Thought to Be Used by the NSA and Hackers
Hackers have already proven that they can break into SS7. Government agencies like the US National Security Agency are also thought to use the system to track their targets, according to a report by The Guardian.
So basically, you should just snap your phone in half and throw it in the ocean. Because you’re going to get tracked no matter what.