Dial H for hack: Criminals can track you just by knowing your mobile number

News
By Darren Allan
published

It doesn't matter what phone you have, because the hacker is exploiting the network

Mobile phones

Hackers can pull off all sorts of clever tricks these days, and it's now come to light that just by knowing a person's phone number, a malicious party can exploit a network flaw to listen to calls or read text messages.

In fact, making use of the flaw a hacker can not only listen to calls and determine who is being called, but it's possible to track the phone owner and see where they go throughout the day.

It's a scary level of compromise which can be cracked open just given the knowledge of the phone number, and it leverages a security flaw in SS7 (Signalling System Seven), a global network which connects mobile operators and facilitates the exchange of billing information (and allows for mobile phone roaming).

60 Minutes reported on the flaw in an interview with a team of German white hat hackers who are currently testing the limits of smartphone security.

Phone security irrelevant

As Karsten Nohl, who heads up the team, noted, even though you've likely never heard of the network, every single mobile phone uses SS7 to make calls or texts. The security measures on any phone are effectively irrelevant when it's the network the handset is using which is being compromised.

Nohl demonstrated the exploit in action, testing it against a Republican congressman over in the US who was given an off-the-shelf iPhone specifically for the experiment. Nohl successfully intercepted the politician's calls and tracked his movements across Washington and LA, just by knowing the phone number of the Apple handset.

While the German security team were legally granted access to SS7 to perform this test, cybercriminals have proved they can access the network previously.

So is a fix being worked upon by mobile operators? Well, there's the rub, because in a familiar story, intelligence agencies make use of this flaw for their own surveillance activities, and therefore don't necessarily want it patched.

Of course, exploiting this isn't trivial and only important targets such as politicians are likely to be the victims of attempted hacks. But while intelligence agencies might argue in favour of surveillance preventing terrorism, equally national secrets could be spilled into the wrong hands by this vulnerability.

As things are, technically speaking, no one with a smartphone is safe from spying.

Via: CNET

Darren Allan

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).