Beware: any phone can be hacked by number
Vulnerability in mobile network communication system allows intruders to remotely hack any phone. The problem was discovered by German expert Karsten Nohl in the SS7 protocol, reports The Guardian.
Nohl notes that he first voiced the problem in 2014 at a hacking convention in Hamburg. However, so far mobile operators have not solved it, so the expert decided to draw attention to the vulnerability.
Hackers can use the internal exchange service “Signal System No. 7” (SS7). In the UK it is called C7, in the US it is called CCSS7, but the essence does not change: the system works as an intermediary between the mobile networks of different operators.
To identify a subscriber in this case, you only need to know the number of his or her cell phone
When calls or text messages are made between subscribers of different networks, SS7 processes the number of the transfer, sends SMS, bills and performs a number of other operations. An intruder who gains access to the system is able to track the subscriber’s location by triangulating the communication towers, read received and sent text messages, listen to and record calls.
How the method works, Nohl demonstrated on a show on CBS. The expert, who is now conducting a vulnerability analysis of the SS7 protocol for several cellular carriers, was in Berlin.
Knowing only the phone number of U.S. Congressman Ted Lewy, who was in California, Nohl performed the hack and accessed the information. He identified which streets of Los Angeles the congressman was traveling on, read his text messages, and listened to phone calls made by Lewy to his colleagues.
There’s no way to protect yourself
The problem is on the carrier side and the attack comes from the mobile network. It is practically impossible to defend oneself – the only way is to disconnect the phone if there is a suspicion of hacking.
The expert stressed that the difficulty of the hack does not depend on the model of the phone or its software
Nol also noticed that not only hackers are interested in the vulnerability. Special services can also use the hole in SS7 to track the movements of their targets and analyze their calls and SMS.