German hackers have demonstrated that all phones, including iPhones, are open to a mobile network vulnerability. This flaw gives hackers the ability to hack into phones with nothing more than a phone number. Using this vulnerability, hackers can listen to your calls, record them, track your location, and read text messages.
German hacker exploits the SS7 security flaw - yet again
Apple may take up the privacy and security issue with the government, but its devices aren't immune to hacking and snooping, as has been proved time and again. Karsten Nohl, a German Hacker, has now demonstrated a security flaw in the Signaling System Seven (SS7) that could be exploited to hack into any phone.
They were able to do it by exploiting a security flaw they discovered in Signaling System Seven — or SS7. It is a little-known, but vital global network that connects phone carriers.
[…] The SS7 network is the heart of the worldwide mobile phone system. Phone companies use SS7 to exchange billing information. Billions of calls and text messages travel through its arteries daily. It is also the network that allows phones to roam.
60 Minutes invited the hackers to demonstrate this flaw by giving a new iPhone to Congressman Ted Lieu, who agreed to participate in the test. Hackers were given nothing but the phone number. “As soon as I called Congressman Lieu on his phone, Nohl and his team were listening and recording both ends of our conversation,” Sharyn Alfonsi reports. “They were able to do it by exploiting a security flaw they discovered in Signaling System Seven— or SS7.” Using the SS7 security exploit, hackers were able to record calls and texts, track the Congressman's location even with the GPS turned off using cellphone tower triangulation, and log the phone numbers of everyone who called his phone.
Using this log, Nohl can also hack into the phones of Lieu's associates. He said that the political leaders and business executives are targeted the most by SS7 hacks since their "private communications could be of high value to hackers." This isn't the first time that a security flaw has been reported in SS7. Nohl said that intelligence agencies know this exploit, but don't want it fixed.
The ability to intercept cellphone calls through the SS7 network is an open secret among the world’s intelligence agencies - including ours - and they don’t necessarily want that hole plugged.
When Congressman was asked what would he say when the intelligence agencies would claim that this flaw is extremely valuable to them, he said "that the people who knew about this flaw and saying that should be fired."
While anyone with a cellphone is at the risk of this flaw, this isn't a commonly used vulnerability against the average user. When the hackers were asked if one phone is more secure than other, if iPhone is "more secure than an Android?" Nohl said, "All phones are the same."