Over the weekend, 60 Minutes raised a few eyebrows with a report claiming that it takes only a cell phone number to hack most cell phones. In the report, 60 Minutes gave a new iPhone to California Representative Ted Lieu, and then challenged a group of hackers to hack the device. They were immensely successful, not because of vulnerabilities in the iPhone, but because of a vulnerability in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols first built in 1975 to help connect phone carriers around the world.
The hackers were able not only to track the Representative’s location data, but also to record his conversations.
The flaw isn’t new; a group of German hackers revealed the vulnerability in late 2014. It’s believed that the intelligence community has known about the vulnerability even earlier, and the hackers note that nothing has been done to shore up the flaw since German hacker Karsten Nohl first demonstrated it.
While the exact details of the hack haven’t been revealed, in short, once the hackers have access to SS7, they can have the system covertly send recorded phone calls, as well as copies of encryption keys. To the network, the intrusion looks like carrier-to-carrier chatter among a sea of other “privileged peering relationships.”
Lieu, who was obviously in on the experiment, has called for an investigation into the flaw.
“The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S. government officials,” he wrote in a letter to the leaders of the committee. “The vulnerability has serious ramifications not only for individual privacy, but also for American innovation, competitiveness and national security.”
The US wireless industry’s top trade organization, the CTIA, downplayed the threat in a statement.
“While we are aware of the research hackers’ manipulation to exploit SS7 technology in the international wireless networks, it’s important to note that they were given extraordinary access to a German operator’s network,” the organization said. “That is the equivalent of giving a thief the keys to your house; that is not representative of how U.S. wireless operators secure and protect their networks. We continue to maintain security as a top industry priority.”
The problem is that the keys to the house (SS7, in this case) don’t appear to be all that well protected. Of course, the hackers were quick to note that the SS7 vulnerability was just one tool in an over-stuffed toolbox that helps them gain access to an ocean of increasingly not-so-private communications.