No Phone Is Safe from Hackers & Spies

Uploaded on 2016-05-12 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The illusion of privacy is quickly breaking down with a recent revelation that hackers only need your phone number in order to listen in on phone calls, read texts or track your geographic location all through the phone’s network.

Not surprisingly, some politiciand like US Representative Ted Lieu (D-Calif.), whose phone was hacked as a demonstration of the flaw, is calling for an investigation.

The Signaling System No. 7 (SS7) is the back-end system that facilitates messages and billing between phone networks. It works well, but it’s flawed. Namely, the system allows remote access to data from anywhere in the world, regardless of security enabled on the device. That means no password can defend your phone against an attack.

“The applications for this vulnerability are seemingly limitless,” said Lieu, “from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring US government officials.”

Interestingly enough, encrypted services such as WhatsApp aren’t affected, but standard text messaging software used by millions is vulnerable.

The hack was first demonstrated in 2014 by German security expert Karsten Nohl at a hacker convention in Hamburg. Nohl demonstrated how easy it was to hack into Congressman Lieu’s phone for a special report by CBS News. Nohl was located in Berlin and used Lieu’s phone number to pinpoint the congressman’s location down to a certain section of Los Angeles, record his calls and read his text messages. It appears the only way to safeguard your phone is to turn it off, since the hack occurs on the network side.

“Hackers have proven that they can break into SS7, but security services, including the US National Security Agency, are also thought to use the system to track and snoop on target users,” wrote The Guardian reporter Samuel Gibbs.

The implications are huge, especially in wake of the recent tiff between the federal government and Apple over the San Bernardino shooter’s encrypted iPhone. Who knows how often the federal government uses this hack to listen in on phone calls and to read text messages?

In response to the fight between the government and Apple CEO Tim Cook, WhatsApp announced earlier this April that it rolled end-to-end encryption out to its over 1 billion users for all devices: Android, iPhones, Windows, Nokia and Blackberry phones. That means only the sender and receiver of a text, file, video or photo will be able to see the content while using the app. The encryption even blocks WhatsApp employees from viewing the data. Because WhatsApp’s encryptions occur on the network side, these messages are safe from the hack, which is reassuring for those who value privacy.

These days, the federal government has unprecedented access to our personal lives. All someone would have to do is look at our Facebook page, Instagram feed, Twitter feed or, as it turns out, use our phone number to find out where we’ve been, where we’re going and even what we plan to cook for dinner. That amount of access is unreasonable. If you know that hackers have been listening in to our calls since 2014, the government has used the technology in its favor, too.

AlternativeDaily

« Pushing Back Sexism - A New Era For Women In Technology.
Automated Malware Analysis Central to Defense Strategies »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

authen2cate

authen2cate

Authen2cate offers a simple way to provide application access with our Identity and Access Management (IAM) solutions for enterprise, small business, and individual customers alike.

Tech Industry Forum (TIF)

Tech Industry Forum (TIF)

Tech Industry Forum is a not-for-profit, membership driven trade body. We bring together end users and some of the UK’s leading cloud, software, platform, infrastructure, and service providers.

CrowdStrike

CrowdStrike

CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks.

Neowave

Neowave

Neowave designs, manufactures and markets strong authentication solutions based on smart card components and digital certificates.

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

XM Cyber

XM Cyber

XM Cyber is a leading hybrid cloud security company that’s changing the way innovative organizations approach cyber risk.

ITRecycla

ITRecycla

ITRecycla are specialists in the protection of sensitive computer data by data destruction, re-marketing of reusable computer equipment, computer recycling and disposing of electronic e-waste.

oneM2M

oneM2M

oneM2M is a global organization creating a scalable and interoperable standard for communications of devices and services used in M2M applications and the Internet of Things.

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI) is an independent, global think-tank. We bring together the world’s top global researchers to undertake ground-breaking research on blockchain technology.

YL Ventures

YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead.

MISP Project

MISP Project

The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators.

e360

e360

e360 (formerly Entisys360) is an award-winning IT consultancy specializing in advanced IT infrastructure, virtualization, security, automation and cloud first solutions.

CybX Security LLC

CybX Security LLC

CybX is the first company of its kind to merge the practice of computer forensics with computer security and information security.

BlackRidge Technology

BlackRidge Technology

BlackRidge Technology develops, markets and supports a family of products that provide a next generation cyber security solution for protecting enterprise networks and cloud services.

DHCO IT

DHCO IT

The DHCO IT team are experts in IT support, cyber security, cloud support and disaster recovery, and are Microsoft 365 partners.

Maverits

Maverits

At Maverits, we are on a mission to reshape the cybersecurity landscape. We offer a wide range of services, including Threat Intelligence, Incident Response, Consulting & Training.