No Phone Is Safe from Hackers & Spies

The illusion of privacy is quickly breaking down with a recent revelation that hackers only need your phone number in order to listen in on phone calls, read texts or track your geographic location all through the phone’s network.

Not surprisingly, some politiciand like US Representative Ted Lieu (D-Calif.), whose phone was hacked as a demonstration of the flaw, is calling for an investigation.

The Signaling System No. 7 (SS7) is the back-end system that facilitates messages and billing between phone networks. It works well, but it’s flawed. Namely, the system allows remote access to data from anywhere in the world, regardless of security enabled on the device. That means no password can defend your phone against an attack.

“The applications for this vulnerability are seemingly limitless,” said Lieu, “from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring US government officials.”

Interestingly enough, encrypted services such as WhatsApp aren’t affected, but standard text messaging software used by millions is vulnerable.

The hack was first demonstrated in 2014 by German security expert Karsten Nohl at a hacker convention in Hamburg. Nohl demonstrated how easy it was to hack into Congressman Lieu’s phone for a special report by CBS News. Nohl was located in Berlin and used Lieu’s phone number to pinpoint the congressman’s location down to a certain section of Los Angeles, record his calls and read his text messages. It appears the only way to safeguard your phone is to turn it off, since the hack occurs on the network side.

“Hackers have proven that they can break into SS7, but security services, including the US National Security Agency, are also thought to use the system to track and snoop on target users,” wrote The Guardian reporter Samuel Gibbs.

The implications are huge, especially in wake of the recent tiff between the federal government and Apple over the San Bernardino shooter’s encrypted iPhone. Who knows how often the federal government uses this hack to listen in on phone calls and to read text messages?

In response to the fight between the government and Apple CEO Tim Cook, WhatsApp announced earlier this April that it rolled end-to-end encryption out to its over 1 billion users for all devices: Android, iPhones, Windows, Nokia and Blackberry phones. That means only the sender and receiver of a text, file, video or photo will be able to see the content while using the app. The encryption even blocks WhatsApp employees from viewing the data. Because WhatsApp’s encryptions occur on the network side, these messages are safe from the hack, which is reassuring for those who value privacy.

These days, the federal government has unprecedented access to our personal lives. All someone would have to do is look at our Facebook page, Instagram feed, Twitter feed or, as it turns out, use our phone number to find out where we’ve been, where we’re going and even what we plan to cook for dinner. That amount of access is unreasonable. If you know that hackers have been listening in to our calls since 2014, the government has used the technology in its favor, too.

AlternativeDaily

« Pushing Back Sexism - A New Era For Women In Technology.
Automated Malware Analysis Central to Defense Strategies »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ODVA

ODVA

ODVA is a global trade and standards development organization whose members comprise the world’s leading industrial automation companies.

Cybonet

Cybonet

Cybonet provides easy to deploy, flexible and scalable security solutions that empower organizations of all sizes to actively safeguard their networks in the face of today’s evolving threats.

Jamcracker

Jamcracker

Jamcracker is a cloud services management and cloud governance solutions company, with more than a decade of experience providing industry leading software and services.

NSHC

NSHC

NSHC is a provider of mobile security solutions, cyber security consulting and training, and offensive research.

Gulf Computer Services Co (GCSC)

Gulf Computer Services Co (GCSC)

Gulf Computer Services is a major player in the field of networking & Communication solutions for emerging industries such as Internet Services and Information Technology in Saudi Arabia.

Mitre ATT&CK

Mitre ATT&CK

MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

Garland Technology

Garland Technology

Garland Technology specializes in network access points (TAPs) for 100% visibility allowing you to see every bit, byte, and packet flowing through your network.

Incopro

Incopro

Incopro is an online IP and brand protection software provider that arms brand owners with actionable intelligence to combat online and offline intellectual property and copyright infringements.

Tromzo

Tromzo

Tromzo's mission is to eliminate the friction between developers and security so you can scale your application security program.

ClearHub

ClearHub

The aim of ClearHub is simple: to give businesses like yours access to the best talent, all screened and technically tested by Clearvision’s expert team.

Saporo

Saporo

Saporo helps organizations increase their cyber-resistance. Continuously map your attack surface and get the recommendations you need to make your organization more resistant to attacks.

eCloudvalley Digital Technology

eCloudvalley Digital Technology

eCloudvalley Digital Technology is a born-in-the-cloud partner focused entirely on AWS services across APAC region.

GoPlus Security

GoPlus Security

GoPlus is working as the "security infrastructure" for web3, by providing open, permissionless, user-driven Security Services.

CYMAR

CYMAR

CYMAR The “CYBER” Smart Solution to offer sustainability and bring resilience to Global SMART Terminals and protect the supply chain of the World’s economy.

Quarkslab

Quarkslab

Quarkslab is a dedicated team of cyber-security engineers and developers. We aim at forcing the attackers, not the defender, to adapt constantly.

Gilsbar

Gilsbar

For more than half a century, Gilsbar has offered insurance service solutions and support for businesses and their employees.