You are here
Home > Hacking > Just your phone number is all a hacker needs to read texts, listen to calls and track you

Just your phone number is all a hacker needs to read texts, listen to calls and track you

by Jay Prakash Kumar -
Just your phone number is all a hacker needs to read texts, listen to calls and track you

Hackers have again demonstrated that no matter how many security precautions someone takes, all a hacker needs to track their location and snoop on their phone calls and texts(SMS) is their phone number.

The famous ‘60 Minutes’ television show shocked some viewers Sunday evening when a team of German hackers demonstrated how they spied on an iPhone used by U.S. Congressman, then recorded his phone calls and tracked his movement through Los Angeles.

The hack, first demonstrated by German security researcher Karsten Nohl in 2014 at a hacker convention in Hamburg, has been shown to still be active by Nohl over a year later for CBS’s 60 Minutes.

The hack uses the network interchange service called Signalling System No. 7 (SS7), also known as C7 in the UK or CCSS7 in the US, which acts as a broker between mobile phone networks. When calls or text messages are made across networks SS7 handles details such as number translation, SMS transfer, billing and other back-end duties that connect one network or caller to another.

By hacking into or otherwise gaining access to the SS7 system, an attacker can track a person’s location based on mobile phone mast triangulation, read their sent and received text messages, and log, record and listen into their phone calls, simply by using their phone number as an identifier.

Hackers Spied on US Congressman’s Smartphone

Nohl, who is currently conducting vulnerability analysis of SS7 for several international mobile phone networks, demonstrated the hack for the CBS show. He tracked a brand new phone given to US congressman Ted Lieu in California from his base in Berlin using only its phone number. Nohl pinpointed Lieu’s movements down to districts within Los Angeles, read his messages and recorded phone calls between Lieu and his staff.

During the phone call about the cell phone network hacking, Lieu said: “First, it’s really creepy, and second, it makes me angry.”
“Last year, the President of the United States called me on my phone, and we discussed some issues,” he added. “So if hackers were listening in, they’d know that phone conversation, and that is immensely troubling.”

Nohl said: “The mobile network is independent from the little GPS chip in your phone, it knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That, of course, is not controlled by any one customer.”

What Can We Do And How Can You Avoid

Nohl said: “The mobile network is independent from the little GPS chip in your phone, it knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That, of course, is not controlled by any one customer.”

The best mitigation is to use communication apps – that offers “end-to-end encryption” to encrypt your data before it leaves your smartphone – over your phone’s standard calling feature.

While encrypted messaging services such as WhatsApp , Signal , ChatSecure are unaffected.

Jay Prakash Kumar
If you have come this far, it means that you liked what you are reading. Why not reach little more and connect with me directly on Facebook or Twitter. Jay Prakash is a founder of Professional Hacker, Technical Writer, Software Developer, Security Analyst and Technology Enthusiast with a keen eye on the Cyber-world and other technology-related developments.
https://professionalhacker.in/
Top