No Phone Is Safe from Hackers & Spies

The illusion of privacy is quickly breaking down with a recent revelation that hackers only need your phone number in order to listen in on phone calls, read texts or track your geographic location all through the phone’s network.

Not surprisingly, some politiciand like US Representative Ted Lieu (D-Calif.), whose phone was hacked as a demonstration of the flaw, is calling for an investigation.

The Signaling System No. 7 (SS7) is the back-end system that facilitates messages and billing between phone networks. It works well, but it’s flawed. Namely, the system allows remote access to data from anywhere in the world, regardless of security enabled on the device. That means no password can defend your phone against an attack.

“The applications for this vulnerability are seemingly limitless,” said Lieu, “from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring US government officials.”

Interestingly enough, encrypted services such as WhatsApp aren’t affected, but standard text messaging software used by millions is vulnerable.

The hack was first demonstrated in 2014 by German security expert Karsten Nohl at a hacker convention in Hamburg. Nohl demonstrated how easy it was to hack into Congressman Lieu’s phone for a special report by CBS News. Nohl was located in Berlin and used Lieu’s phone number to pinpoint the congressman’s location down to a certain section of Los Angeles, record his calls and read his text messages. It appears the only way to safeguard your phone is to turn it off, since the hack occurs on the network side.

“Hackers have proven that they can break into SS7, but security services, including the US National Security Agency, are also thought to use the system to track and snoop on target users,” wrote The Guardian reporter Samuel Gibbs.

The implications are huge, especially in wake of the recent tiff between the federal government and Apple over the San Bernardino shooter’s encrypted iPhone. Who knows how often the federal government uses this hack to listen in on phone calls and to read text messages?

In response to the fight between the government and Apple CEO Tim Cook, WhatsApp announced earlier this April that it rolled end-to-end encryption out to its over 1 billion users for all devices: Android, iPhones, Windows, Nokia and Blackberry phones. That means only the sender and receiver of a text, file, video or photo will be able to see the content while using the app. The encryption even blocks WhatsApp employees from viewing the data. Because WhatsApp’s encryptions occur on the network side, these messages are safe from the hack, which is reassuring for those who value privacy.

These days, the federal government has unprecedented access to our personal lives. All someone would have to do is look at our Facebook page, Instagram feed, Twitter feed or, as it turns out, use our phone number to find out where we’ve been, where we’re going and even what we plan to cook for dinner. That amount of access is unreasonable. If you know that hackers have been listening in to our calls since 2014, the government has used the technology in its favor, too.

AlternativeDaily

« Pushing Back Sexism - A New Era For Women In Technology.
Automated Malware Analysis Central to Defense Strategies »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Venafi

Venafi

Venafi is a world-class cyber-security company dedicated to protecting machine identities for our hyper-connected digital economy.

Infiltrate

Infiltrate

INFILTRATE is a deep technical conference that focuses entirely on offensive security issues.

techUK

techUK

techUK represents companies operating in the tech sector in the UK. Focus areas cover all aspects of ICT including cyber security.

Cyberint

Cyberint

Cyberint, the Impactful Intelligence company, fuses open-deep-and darkweb Threat Intelligence with Attack Surface Management to deliver maximum protection from external threats.

Cyber Discovery

Cyber Discovery

Cyber Discovery, the UK Government's Cyber Schools Programme, is a learning programme designed to give young people the opportunity to learn the skills needed to enter the cyber security profession.

Honeywell Process Solutions (HPS)

Honeywell Process Solutions (HPS)

Honeywell's Industrial Cyber Security Solutions help plants and critical infrastructure sectors defend the availability, reliability and safety of their industrial control systems.

Araxxe

Araxxe

Araxxe delivers Revenue Assurance, End-to-End Billing Verification and Interconnect Fraud Detection solutions to communication companies worldwide.

CyberSAFE Malaysia

CyberSAFE Malaysia

CyberSAFE Malaysia is an initiative to educate and enhance the awareness of the general public on the technological and social issues and risks facing internet users.

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

Police CyberAlarm

Police CyberAlarm

Police CyberAlarm is a free tool to help members understand and monitor malicious cyber activity. This service is made up of two parts; monitoring and vulnerability scanning.

Have I Been Pwned (HIBP)

Have I Been Pwned (HIBP)

Have I Been Pwned is a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.

Input Output (IOHK)

Input Output (IOHK)

IOHK is one of the world's pre-eminent blockchain infrastructure research and engineering companies.

Cloud Seguro

Cloud Seguro

Cloud Seguro are leaders in the development of cloud solutions, Ethical Hacking, Privacy and Information Security.

Cybastion

Cybastion

Cybastion develops robust world-class cybersecurity solutions tailored to suit the needs of different businesses, governments and public sector entities.

Nihka Technology Group

Nihka Technology Group

Nihka offers full end-to-end ICT solutions from business optimisation, data centre modernisation, cloud connection and management, and ICT security.

CarbonHelix

CarbonHelix

CarbonHelix provides cybersecurity services from US-based security operations centers that meet the highest compliance requirements.