Hackers only need to know the phone number used on the iPhone to be able to perform eavesdropping, read messages and track location.
Just knowing the subscriber’s number and by special techniques, hackers can eavesdrop on calls, read messages, and track device location.
The 60 Minutes CBS news program has invited hackers to showcase their capabilities. Test equipment is the new iPhone by US Senator Ted Lieu, who was invited to participate. The hacker group only knows the phone number, then easily eavesdrop on incoming and outgoing calls from the iPhone.
They do this by exploiting a security flaw discovered in Protocol Number 7, also known as SS7 (a set of phone protocols used to establish most of the calls in the network. PSTN).
The SS7 network is at the heart of the global mobile phone system. Companies use SS7 to exchange information. Billions of calls and text messages go through this protocol daily. This is a network that turns desktop phones into machines that can be carried anywhere.
Karsten Nohl, a German hacker and computer science doctor from the University of Virginia, unmasked the method of wiretapping for the first time at a Berlin security conference.
In addition to text calls and text messages, he also showed people the ability to track location from Senator Ted Lieu’s phone, even when the GPS on the iPhone was off.
It relies on the use of the popular Cell Tower Triangulation method for global positioning. At the same time, Nohl also knows the phone numbers of all incoming callers (or outgoing calls). This approach is not based on the ability to access iPhone, instead exploiting vulnerabilities of the cellular network.
Senator Ted Lieu is shocked to see what hackers can do: “Last year, the president of the United States called me on the phone. We discussed some issues. So if the hackers hear, they will know the entire contents of the conversation, including the President’s phone number. That is a worrying thing. ”
Nohl said the SS7 flaw has been widely known for several months, but for some reason the bug has not been fixed. “The ability to intercept phone calls through the SS7 network is used underground between intelligence agencies, and that may be why they do not want to patch the hole,” he said.
Congressman Ted Lieu expressed disappointment and said that it was unacceptable: “People who know about this hole should be fired. It can not leave more than 300 million Americans and citizens around the world in danger of a known error, simply because some intelligence agencies want to exploit it for data. That’s not acceptable”.
Meanwhile, the legal battle between Apple and the FBI has come to an end, they face each other in a testimony before the US Congress. Lawyer Bruce Sewell of Absentia and FBI Assistant Director of Operations Amy Hess will debate separately before the Commerce and Energy Commission.
Two members of the US Senate Intelligence Committee have proposed a bill that will force technology companies to decipher their equipment for future investigations and surveillance. Information security continues to be a hot topic in the United States.