Categories: MobilitySecurity

Researchers: Any Mobile Can Be Hacked Via Its Phone Number

IT security researchers have demonstrated that it’s possible to eavesdrop on mobile phone calls, track mobile users and read text messages simply by using a user’s phone number as an identifier.

Karsten Nohl, a German researcher, demonstrated the flaw for CBS news programme 60 Minutes in the US by hacking an off-the-shelf iPhone provided by the programme to Representative Ted Lieu, a California politician who’s part of a House of Representatives committee that oversees IT issues.

Provided only with the phone number of the new handset, Nohl, based in Berlin, was able to record Lieu’s conversations, read his text messages and track his movements within districts of Los Angeles.

Nohl and research team earlier disclosed the issue at the end of 2014, saying at the time he had successfully decrypted the mobile phone traffic of a German politician.

At the time, a number of mobile network service providers said they had patched the issue, but Deutsche Telekom acknowledged that efforts by individual networks wouldn’t be sufficient to solve the underlying problem, which lies with a set of telephony signalling protocols that date back to the 1970s.

The protocols, known as Signalling System No. 7 (SS7), also referred to as CCSS7 in the US, C7 in the UK or N7 in Germany, handle services required when one network links to another, such as number translation, local number portability, prepaid billing and SMS transport.

Because of the scale of the issue, any real fix would require an industry-wide effort, according to Telekom.

CBS noted that intelligence agencies are aware of the SS7 flaw and don’t necessarily want it fixed.

Specialist attack

Nohl, who is currently carrying out security tests on SS7 on behalf of several mobile networks, said the interception technique involves redirecting calls to the attacker’s own systems before forwarding them to the intended recipient, allowing calls to be monitored and recorded.

The attack requires expert knowledge of phone networks and specialist equipment, Telekom said.

CBS noted that the attack allows hackers to log all the numbers that call the affected phone, which can then be used to target other users.

“Last year, the president of the United States called me on my cellphone,” Lieu said in the report. “So if the hackers were listening in, they would know that phone conversation. And that’s immensely troubling.”

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

11 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

12 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

13 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

13 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

14 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

14 hours ago