A vulnerability in a little-known global network can be leveraged by hackers in order to view any connected user’s location, listen to their calls and harvest reams of personal data, according to a new report.
And while that flaw is an “open secret” among global intelligence agencies, the fact that they also use it means they are not helping to fix it.
A Sunday report on CBS’ “60 Minutes” said the flaw is in the Signaling System 7 network, which connects phone carriers. Once hackers have successfully penetrated that network, they can monitor any connected phone using just a phone number.
California Rep. Ted Lieu, a Democrat who serves on the House Committee on Information Technology, volunteered as a guinea pig for the report. A team of security experts based in Berlin demonstrated how they were able to exploit the flaw and track his location between San Francisco and Washington, D.C., even when GPS tracking was manually switched off, listen in on calls with his staff, and harvest the other numbers on his phone.
“First, it’s really creepy,” Lieu said. “And second, it makes me angry … They could hear any call of pretty much anyone who has a smartphone. It could be stock trades you want someone to execute. It could be calls with a bank.”
Lieu pointed out that by accessing his device, hackers could gain similar access to every contact he has saved. “There are other members of Congress, other elected officials. Last year, the president of the United States called me on my cellphone. And we discussed some issues. So if the hackers were listening in, they would know that phone conversation. And that’s immensely troubling.”
The sophisticated technical ability required to hack the SS7 network means that a majority of consumers should not be targeted by any of the hackers or intelligence agencies now roaming on its wire, leaving the billions of phone calls and text messages sent every day safe from prying eyes. The Berlin-based team who worked with Lieu were legally granted access by international cellphone carriers who wanted to learn more about the vulnerability.
Related Story: http://www.washingtonexaminer.com/article/2577390
Those who need to worry are those who already have the most reason to be concerned. Lieu said that was unacceptable, and that U.S. intelligence officials who have wittingly allowed the vulnerability to continue should be fired.
“You cannot have 300-some million Americans, and really, right, the global citizenry be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data. That is not acceptable,” Lieu said.
