No Phone Is Safe from Hackers & Spies

The illusion of privacy is quickly breaking down with a recent revelation that hackers only need your phone number in order to listen in on phone calls, read texts or track your geographic location all through the phone’s network.

Not surprisingly, some politiciand like US Representative Ted Lieu (D-Calif.), whose phone was hacked as a demonstration of the flaw, is calling for an investigation.

The Signaling System No. 7 (SS7) is the back-end system that facilitates messages and billing between phone networks. It works well, but it’s flawed. Namely, the system allows remote access to data from anywhere in the world, regardless of security enabled on the device. That means no password can defend your phone against an attack.

“The applications for this vulnerability are seemingly limitless,” said Lieu, “from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring US government officials.”

Interestingly enough, encrypted services such as WhatsApp aren’t affected, but standard text messaging software used by millions is vulnerable.

The hack was first demonstrated in 2014 by German security expert Karsten Nohl at a hacker convention in Hamburg. Nohl demonstrated how easy it was to hack into Congressman Lieu’s phone for a special report by CBS News. Nohl was located in Berlin and used Lieu’s phone number to pinpoint the congressman’s location down to a certain section of Los Angeles, record his calls and read his text messages. It appears the only way to safeguard your phone is to turn it off, since the hack occurs on the network side.

“Hackers have proven that they can break into SS7, but security services, including the US National Security Agency, are also thought to use the system to track and snoop on target users,” wrote The Guardian reporter Samuel Gibbs.

The implications are huge, especially in wake of the recent tiff between the federal government and Apple over the San Bernardino shooter’s encrypted iPhone. Who knows how often the federal government uses this hack to listen in on phone calls and to read text messages?

In response to the fight between the government and Apple CEO Tim Cook, WhatsApp announced earlier this April that it rolled end-to-end encryption out to its over 1 billion users for all devices: Android, iPhones, Windows, Nokia and Blackberry phones. That means only the sender and receiver of a text, file, video or photo will be able to see the content while using the app. The encryption even blocks WhatsApp employees from viewing the data. Because WhatsApp’s encryptions occur on the network side, these messages are safe from the hack, which is reassuring for those who value privacy.

These days, the federal government has unprecedented access to our personal lives. All someone would have to do is look at our Facebook page, Instagram feed, Twitter feed or, as it turns out, use our phone number to find out where we’ve been, where we’re going and even what we plan to cook for dinner. That amount of access is unreasonable. If you know that hackers have been listening in to our calls since 2014, the government has used the technology in its favor, too.

AlternativeDaily

« Pushing Back Sexism - A New Era For Women In Technology.
Automated Malware Analysis Central to Defense Strategies »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Kaspersky Lab

Kaspersky Lab

Kaspersky Lab is one of the world’s largest privately held vendors of endpoint cybersecurity solutions.

Adeptis Group

Adeptis Group

Adeptis are experts in cyber security recruitment, providing bespoke staffing solutions to safeguard your organisation against ever-changing cyber threats.

Identillect Technologies

Identillect Technologies

Identillect Technologies provide a user-friendly secure email solution to protect critical information, with an emphasis on simplicity.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

adaware

adaware

adaware is an award-winning security and privacy software provider, empowering users to connect with confidence.

Wipe-Global

Wipe-Global

Wipe-Global is specialized in data erasure with an international established service partner network.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

Purism

Purism

Purism works with hardware component manufactures and the free software community to build high quality hardware that respects your digital life.

ASRC Federal

ASRC Federal

ASRC Federal’s mission is to help federal civilian, intelligence and defense agencies achieve successful outcomes and elevate their mission performance.

ABM Technology Group

ABM Technology Group

ABM Technology Group (formerly True IT) provide business information technology services, solutions, and consulting for small to mid-sized organizations.

Excite Cyber

Excite Cyber

Excite Technology Services (formerly Cipherpoint) is focused on improving the security posture of our customers.

Third Wave Innovations

Third Wave Innovations

Third Wave Innovations (formerly RCS Secure) offers a full spectrum of cybersecurity safeguards and IT services.

Cybit

Cybit

Cybit is the one-stop-shop for digital transformation that scales in line with your growth.

TELUS

TELUS

TELUS provide Canadian businesses with the services and solutions they need to securely thrive in a digital world. Partner with a cybersecurity leader you can rely on.

IndoSec

IndoSec

IndoSec is an annual cybersecurity summit that powers an in-person gathering of cybersecurity leaders from Indonesia’s major corporations, leading businesses and key government entities.

Skylark

Skylark

Skylark is a leading global IT services provider, transforming client’s businesses through innovative and advanced technology solutions.