SoylentNews

Phoenix666 [soylentnews.org] writes:

A US Congressman has learned first-hand just how vulnerable cellphones are to eavesdropping and geographic tracking [arstechnica.com] after hackers were able to record his calls and monitor his movements using nothing more than the public ten-digit phone number associated with the handset he used.

The stalking of US Representative Ted Lieu's smartphone was carried out with his permission for a piece broadcast Sunday night [cbsnews.com] by 60 Minutes. Karsten Nohl of Germany-based Security Research Labs [srlabs.de] was able to record any call made to or from the phone and to track its precise location in real-time as the California congressman traveled to various points in the southern part of the state. At one point, 60 minutes played for Lieu a crystal-clear recording Nohl made of one call that discussed data collection practices by the US National Security Agency. While SR Labs had permission to carry out the surveillance, there's nothing stopping malicious hackers from doing the same thing.

The representative said he had two reactions: "First it's really creepy," he said. "And second it makes me angry. They could hear any call. Pretty much anyone has a cell phone. It could be stock trades you want someone to execute. It could be a call with a bank."

The hack was done by accessing Signalling System No. 7, or SS7 [wikipedia.org], a telephony signalling language used by more than 800 telecommunication companies around the world to allow their networks to interoperate. SS7 is the routing protocol that, for instance, allows a T-Mobile subscriber to connect to the Deutsche Telekom network while traveling in Germany. It also provides a way for someone on one continent to send text messages to a phone located on another continent. SS7 also makes individuals' subscriber data available to anyone with access to SS7.

Original Submission