Your Phone Number Is All a Hacker Needs to Snoop
A security flaw in a mobile phone network lets hackers access a person's phone calls and text messages using only their phone number.
With all of the hub-bub raised around the Apple-FBI feud recently, it seems like breaking into a phone is nearly impossible.
But that's not the case. This past Sunday on the CBS show 60 Minutes, correspondent Sharyn Alfonsi spoke with German security researcher Karsten Nohl, who revealed a security flaw in a mobile phone network that lets hackers access a person's phone calls and text messages using only the phone number.
They flaw was first demonstrated by Nohl in 2014, and so far, it doesn't seem to have been fixed.
On the 60 Minutes segment, which you can watch here, Kohl demonstrated for Alfonsi how the hack worked by using a new phone given to US congressman Ted Lieu of California, who volunteered for the test.
To access Lieu's phone, Kohl and his colleagues exploited a security flaw in a global network called Signaling System Seven, or SS7, that connects phone carriers.
"The SS7 network is the heart of the worldwide mobile phone system," Alfonsi reports. "Phone companies use SS7 to exchange billing information. Billions of calls and text messages travel through its arteries daily. It is also the network that allows phones to roam."
After exploiting the flaw, Nohl showed how he could track Lieu's location using mobile phone tower triangulation, read text messages and listen in on phone conversations.
Thanks to an agreement between several international cellphone carriers, Nohl has legal access to the SS7 network in order to uncover flaws such as this. But unauthorized breaches have been reported to the cellular phone trade association and other hackers know about the flaw.
So what can you do to protect yourself? At the moment, nothing more than turning off your phone.