No Phone Is Safe from Hackers & Spies

Uploaded on 2016-05-12 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The illusion of privacy is quickly breaking down with a recent revelation that hackers only need your phone number in order to listen in on phone calls, read texts or track your geographic location all through the phone’s network.

Not surprisingly, some politiciand like US Representative Ted Lieu (D-Calif.), whose phone was hacked as a demonstration of the flaw, is calling for an investigation.

The Signaling System No. 7 (SS7) is the back-end system that facilitates messages and billing between phone networks. It works well, but it’s flawed. Namely, the system allows remote access to data from anywhere in the world, regardless of security enabled on the device. That means no password can defend your phone against an attack.

“The applications for this vulnerability are seemingly limitless,” said Lieu, “from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring US government officials.”

Interestingly enough, encrypted services such as WhatsApp aren’t affected, but standard text messaging software used by millions is vulnerable.

The hack was first demonstrated in 2014 by German security expert Karsten Nohl at a hacker convention in Hamburg. Nohl demonstrated how easy it was to hack into Congressman Lieu’s phone for a special report by CBS News. Nohl was located in Berlin and used Lieu’s phone number to pinpoint the congressman’s location down to a certain section of Los Angeles, record his calls and read his text messages. It appears the only way to safeguard your phone is to turn it off, since the hack occurs on the network side.

“Hackers have proven that they can break into SS7, but security services, including the US National Security Agency, are also thought to use the system to track and snoop on target users,” wrote The Guardian reporter Samuel Gibbs.

The implications are huge, especially in wake of the recent tiff between the federal government and Apple over the San Bernardino shooter’s encrypted iPhone. Who knows how often the federal government uses this hack to listen in on phone calls and to read text messages?

In response to the fight between the government and Apple CEO Tim Cook, WhatsApp announced earlier this April that it rolled end-to-end encryption out to its over 1 billion users for all devices: Android, iPhones, Windows, Nokia and Blackberry phones. That means only the sender and receiver of a text, file, video or photo will be able to see the content while using the app. The encryption even blocks WhatsApp employees from viewing the data. Because WhatsApp’s encryptions occur on the network side, these messages are safe from the hack, which is reassuring for those who value privacy.

These days, the federal government has unprecedented access to our personal lives. All someone would have to do is look at our Facebook page, Instagram feed, Twitter feed or, as it turns out, use our phone number to find out where we’ve been, where we’re going and even what we plan to cook for dinner. That amount of access is unreasonable. If you know that hackers have been listening in to our calls since 2014, the government has used the technology in its favor, too.

AlternativeDaily

« Pushing Back Sexism - A New Era For Women In Technology.
Automated Malware Analysis Central to Defense Strategies »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

PlaxidityX

PlaxidityX

PlaxidityX (formerly Argus Cyber Security) is a global leader in mobility cyber security, provides DevSecOps, vehicle protection and fleet protection technologies and services.

Robert Bosch Centre for Cyber-Physical Systems (RBCCPS)

Robert Bosch Centre for Cyber-Physical Systems (RBCCPS)

RBCCPS is an interdisciplinary research and academic centre within the Indian Institute of Science focused on research in cyber-physical systems.

Managed Security Solutions (MSS)

Managed Security Solutions (MSS)

MSS deliver consultancy services and managed security services for IT departments who may lack the time, resources, or expertise themselves.

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

Secberus

Secberus

SECBERUS creates cloud security technology to help organizations stay secure & compliant in the public cloud.

spiderSilk

spiderSilk

spiderSilk is a Dubai-based cybersecurity firm, specializing in simulating the most advanced cyber offenses on your technology so you can build your best security defenses.

Defensity

Defensity

Defensity offer bespoke & pre packaged IT Security Solutions for Small business to help companies reduce overall IT related risk.

Stealth Software Technologies

Stealth Software Technologies

Stealth Software Technologies is focused on the generation of research and software products focused on applied cryptography and cybersecurity.

Unlimited Technology

Unlimited Technology

Unlimited Technology offers a wide range of talent and experience, from assessing your requirements to implementing technologically advanced security solutions to best fit your needs.

UST

UST

UST is a global provider of digital technology and transformation, IT services and solutions including managed security services.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.

CYGNVS

CYGNVS

CYGNVS is a guided cyber crisis response platform providing anytime, anyplace access. A SaaS platform for cyber crisis management – a safe way to connect and control your response.

Cryptr

Cryptr

Cryptr provides plug and play authentication to manage all your authentication strategies in one place with just a few lines of code.

Winslow Technology Group (WTG)

Winslow Technology Group (WTG)

Winslow Technology Group is a leading provider of IT Solutions, Managed Services, and Cybersecurity Services dedicated to providing exceptional business outcomes for our customers since 2003.

CyberGrape

CyberGrape

CyberGrape is a client centric managed services company, providing enterprise leading security solutions and helping companies through their IT risk and security challenges.

Sublime Security

Sublime Security

Sublime is an adaptive email security platform that combines best-in-class effectiveness with unprecedented visibility and control.