Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Communications Privacy

Your Phone Number Is All a Hacker Needs To Read Texts, Listen To Calls and Track You (theguardian.com) 98

Samuel Gibbs, reporting for The Guardian: Hackers have again demonstrated that no matter how many security precautions someone takes, all a hacker needs to track their location and snoop on their phone calls and texts is their phone number. The hack, first demonstrated by German security researcher Karsten Nohl in 2014 at a hacker convention in Hamburg, has been shown to still be active by Nohl over a year later for CBS's 60 Minutes. The hack uses the network interchange service called Signalling System No. 7 (SS7), also known as C7 in the UK or CCSS7 in the US, which acts as a broker between mobile phone networks. When calls or text messages are made across networks SS7 handles details such as number translation, SMS transfer, billing and other back-end duties that connect one network or caller to another. By hacking into or otherwise gaining access to the SS7 system, an attacker can track a person's location based on mobile phone mast triangulation, read their sent and received text messages, and log, record and listen into their phone calls, simply by using their phone number as an identifier.Also from the report, "60 Minutes contacted the cellular phone trade association to ask about attacks on the SS7 network. They acknowledged there have been reports of security breaches abroad, but assured us that all U.S. cellphone networks were secure." Update: 04/18 16:51 GMT by M :Reader blottsie writes: U.S. Rep. Ted Lieu (D-Cali.) on Monday called for a full congressional investigation into the aforementioned widespread flaw in global phone networks.
This discussion has been archived. No new comments can be posted.

Your Phone Number Is All a Hacker Needs To Read Texts, Listen To Calls and Track You

Comments Filter:
  • Soooo.... (Score:5, Insightful)

    by John Napkintosh ( 140126 ) on Monday April 18, 2016 @10:42AM (#51932181) Homepage

    All they need is your phone number and access to the SS7 system.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      ...which you can get from a number of websites for a buck...

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        But GP's point is well taken. A hacker who is tapped into SS7 can eavesdrop on any conversation or texting. The "Your Phone Number" part is a minor point.

        • Re:Soooo.... (Score:5, Interesting)

          by Verdatum ( 1257828 ) on Monday April 18, 2016 @11:23AM (#51932489)
          I haven't been in the telecom world for a little while, but, IIRC, this is a tricky thing to do on 3G, and nearly impossible on 4G. You need to get access to the user's private key, which, if the system is coding correctly, you shouldn't have access to without cracking another box. 2G is insecure as Hell, but everyone knows that.

          And yeah, they don't even need your phone number, if you get access to the user's local network, figuring their phone number out is a breeze.

      • Re:Soooo.... (Score:4, Insightful)

        by konohitowa ( 220547 ) on Monday April 18, 2016 @11:04AM (#51932367) Journal

        Karsten Nohl and his team were legally granted access to SS7 by several international cellphone carriers. In exchange, the carriers wanted Nohl to test the network's vulnerability to attack. That's because criminals have proven they can get into SS7.

        http://www.cbsnews.com/news/60-minutes-hacking-your-phone/

        But yeah, totally available from a number of websites for a buck. It was just easier to get the carriers to give him access since he didn't actually have a dollar handy.

        • by zarr ( 724629 )
          A few weeks back, Telenor's network in Norway was down for hours, affecting about a million customers. They blamed it on an "unusual" SS7 package received from another network, which trtriggered a harware bug. Apparently that other network were doing som kind of security testing. I wonder if this was the same episode.
        • Re:Soooo.... (Score:4, Insightful)

          by Locke2005 ( 849178 ) on Monday April 18, 2016 @11:35AM (#51932571)
          No, it was LEGALLY easier to get the carriers to give them permission, otherwise they would be subject to arrest with they published their findings.
    • Which the government already has. Go back to sleep we're here for your protection.

    • I know. This really irritates me. With your phone number they can hack you read your texts and listen to your calls! Well, your phone number and unfettered direct access into the SS7 system. So what's next? All a hacker needs to due some identity theft on me in my SIN, bank card and pin, birth date, address, copy of my id, copy of my birth certificate.
    • Wow, the first comment on /. is actually the RIGHT one for a change! This place is slowly getting better!

      I used to write software for MSCs, an important part of mobile SS7 networks. And, yeah, big surprise, if you hack the thing that handles transporting messages that use an antiquated half-assed standard like SMS, then you can see unencrypted stuff. SHOCK. And yes, you would likely be able to access billing messages, but that doesn't mean Credit Card numbers. Billing messages means, "your account has mad

      • ... so who cares?"

        The media. So they can scare you, make you read ads, and profit. And politicians, so they can scare you, make you vote for them, and profit.

    • All they need is your phone number and access to the SS7 system.

      Getting access to SS7 isn't particularly [telcovillage.com] difficult [release14.org].

      • Re:Soooo.... (Score:4, Insightful)

        by Junta ( 36770 ) on Monday April 18, 2016 @01:06PM (#51933299)

        The point being that the access to SS7 is the story, *not* something about the phone device itself or something inherent to your phone number. The headline put out there in the media is focusing attention in the wrong direction.

        • No, I disagree. They're focusing attention on the _correct_ thing... in that someone, EXTERNAL TO YOUR PHONE, can "read texts, listen to calls [sic missing Oxford comma] and track you".

          Yes, they need access to SS7, but it's more surprising (IMHO) than the usual "anyone with physical access to your device could do anything" warnings, since they don't have physical access to your device.

          • by Junta ( 36770 )

            I think that would be better written as the phone networks themselves have risks. The current writing is vague about who to worry about here. People concerned may complain to Google, Apple, the handset makers, et. al, but they *all* should be complaining to their service provider.

            Stories are out there saying that if you get within miles of a hacker, they can eavesdrop on your phone. It still sounds like they are describing some sort of attack against your device. They make it worse by saying there are t

    • by ls671 ( 1122017 )

      Also, phone number seems to imply "cell phone number". I only have landline.

    • So all they need is to hack your phone company lol. That's like saying, hackers can steal your money! All they need is to hack your bank!
  • Day by day it seems more and more clear that what I keep hearing is true, and that functionally there is no such thing as 'privacy' anymore. If random hackers can do this, then governments sure as hell have been doing it, too. How much longer do you think before you can't even take a dump in your own home without someone watching you do it? We may as well just all walk around naked, with our bank account numbers, credit card numbers, ID numbers, and all our other very personal information tattooed on our ba
  • Uh duh (Score:5, Insightful)

    by 110010001000 ( 697113 ) on Monday April 18, 2016 @10:44AM (#51932201) Homepage Journal
    If you have access to the cell phone companies network, you can do what the cell phone companies do. Next on 60 Minutes: if a thief steals your car, he can drive it anywhere he wants to! Tune in at 11 for more SHOCKING details.
    • All they need is your VIN!
    • Automobile manufactures won't come out and give you a car if you call them and complain everyday, but cell phone companies will give you a femtocell for your house if you call them and complain every day. With the femtocell and sk1lz you have access to the cell phone network.
  • by gsslay ( 807818 ) on Monday April 18, 2016 @10:44AM (#51932203)

    "They acknowledged there have been reports of security breaches abroad, but assured us that all U.S. cellphone networks were secure."

    Oh, so that's alright then.

    • att is hardwired to the NSA.

    • by JustAnotherOldGuy ( 4145623 ) on Monday April 18, 2016 @10:53AM (#51932287) Journal

      "...but assured us that all U.S. cellphone networks were secure."

      Best joke I've heard all day. Right up there with, "Don't worry, it's unloaded!" or "I'm sure he'll stop for us, we have the right of way!"

      • by k6mfw ( 1182893 )
        I see this post was modded up as "Funny" but I think it should be "Insightful." Really, should treat cell networks as unsecured just treating all guns as loaded. There's some stuff you should never never put on a phone. Just like some stuff never never put on a computer that is connected to the internet. Yes, PITA. Usabilty vs. Security.
        • There's some stuff you should never never put on a phone. Just like some stuff never never put on a computer that is connected to the internet.

          Agreed 100%. I don't keep anything sensitive on my phone, period. For example, I don't do any banking from my phone. I don't use it for anything that could have what I think could might result in negative consequences to my finances or deeper personal data. Home address? Nope. Automated logins or stored passwords? Nope.

          Most of the photos I take with it get transferred to a desktop PC and don't live on the phone. Not all, but most. The ones that remain are pretty innocuous. The police could search my phone t

    • by Anonymous Coward on Monday April 18, 2016 @11:17AM (#51932457)

      With apologies to Arthur C. Clarke:

      When a distinguished but elderly computer scientist states that something is not secure he is almost certainly right. When he states that something is secure, he is very probably wrong.

  • it seems insecure is the default setting on all our gadgets.
    • by Junta ( 36770 )

      In this case, the network referenced is the one used by dumb phones. In fact, it's strictly the subset of things that a dumb phone can do (e.g. a smart phone doing IP traffic using appropriately secure TLS would be better protection than SMS and voice calls over a cell phone).

  • Phone calls. I remember those! Good times.
  • The original phone hackers used the "whistling" tones to hack into SS7. There was a blind phreak/hacker who was exceptionally good at this. They used band pass filters to keep the "signal" data from "voice" in analog transmission. Though the whistles and signal data was filtered out for the consumer's receiving end, it was not filtered by the exchange on the voice line from the customer. That is how they added spurious signals and avoided billing. Mostly got free phone calls.

    Surprised they are still using

    • by Anonymous Coward on Monday April 18, 2016 @10:55AM (#51932301)

      SS7 was the telco's efforts to block MFers using the "blue box"; Switching from in-band signalling to out-of-band signalling.

      SS7, however, provides some inter-carrier connectivity to enable roaming between carriers; With an IMSI, the visited network can ask the home network "can I give this IMSI service?"... and a deactivation from the home carrier's network to the visited carrier's switches can turn the phone off (used to suppress roaming fraud).

    • by raind ( 174356 )
      Captain Crunch - 2600
  • They acknowledged there have been reports of security breaches abroad, but assured us that all U.S. cellphone networks were secure."

    That statement should have read:

    They acknowledged there have been reports of security breaches abroad, but assured us that all U.S. cellphone networks were secure to the degree the NSA wants them to be secure."

  • Not sure why this is shocking to anyone. The only way cellphones work is be broadcasting who they are to everyone listening.
  • Saw the broadcast. It's old news for those of us in the biz but new for all the sheep using the mobile networks thinking they in any way are safe from unwanted attention. A good scare for those joined at the hip with their mobile. Assume you are being watched and listened to... because you probably are. C'mon this is 2016... privacy... really!!! Hack wise though this is like watching a magician pull a rabbit out of a top hat stuff though... move along Douglass.
  • by DNS-and-BIND ( 461968 ) on Monday April 18, 2016 @11:09AM (#51932405) Homepage
    SS7...wow, that takes me back. I thought it had gone out with the landline. Yeah, SS7 has to know your number, that's kind of the whole point of the system, to be able to set up and tear down the call, and to bill correctly. Out-of-band signalling was the death of the oldschool phone phreak, who depended on being able to send tones down the line to control the call. Good ol' Phrack. And idiotic Phrack writers who didn't know what they were talking about. It's a good thing they didn't have comment sections back then, only a periodic publication. Erik Bloodaxe, Voyager, Sirsyko, and when Mudge wasn't an establishment tool. Netta Gilboa. RBOCs. Dumpster diving behind the phone company's central offices. Good times.
    • Dumpster diving. Man, I used to get the coolest hardware from the old school computer stores back in the late 80s and 90s. The stuff they threw away still amazes me.
  • Total bullsh*t (Score:2, Interesting)

    by Anonymous Coward

    Mobile networks use two different SS7 networks, one for TCAP communication which includes SMS but not voice and one for ISUP which includes no voice and no SMS (it is a Signalling System). Voice has moved over to SIP from ISUP and the majority of all voice calls never leave the Mobile Switching Center(MSC) and thus there is nothing to tap. Additionally the Mobile Directory Number is not the key used for communication, the IMSI is.

    Basically, if you know a Mobile Directory Number and you could insert yourself

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Using the MSISDN you can get the IMSI from HLR using the right MAP operation, using the IMSI you could activate call forwarding unconditional for incoming calls loop it through your listening device and start listening to incoming calls, I am not sure how you would be able to listen in on outgoing calls. I am also not sure how the looking at text messages would work without having access to communication at the right place.

  • I watched the 60 minutes episode, it was Interesting.

    Does it work for POTS or VOIP as well? How about T-Mobiles IP calling feature?

    • by Shatrat ( 855151 )

      Between the network switches it's all SS7. If you have access to that, you have access to all telephony. It's a bit like BGP in the IP world.

    • SS7 was pretty much designed for POTS aka PSTN in the mid 70's. It's been extended over the years obviously. The attack is not generally not successful 100% of the time previous ones were saying 70% or so. A lot depends on where the attacker has access to the SS7 system.

  • by thinkwaitfast ( 4150389 ) on Monday April 18, 2016 @12:07PM (#51932799)
    not only that, I have them all memorized. Don't believe me? Here's one. (301)437-5529. Here's another.(207)844-627. And yet know even more. (902)887-8535. I even know your phone number. Doesn't matter what country or where you live. I know them all.
    • by Anonymous Coward
      Do you know Jenny's number? Just in case you don't it is 867-5309.
    • I know her number is 867-5309! ;)

  • Your Phone Number Is All a Hacker Needs To Read Texts, Listen To Calls and Track You

    Really? That's all a hacker needs?

    By hacking into or otherwise gaining access to the SS7 system...

    Oh. So "no" then.

    Hey, did you know that all a hacker needs to read your emails is your email address? Oh, and the ability to hack into the server that hosts your mail and bypass all its security.

  • by epine ( 68316 ) on Monday April 18, 2016 @12:50PM (#51933171)

    As it happens, I read Exploding the Phone by Phil Lapsley about a week ago, and it's still on my desk. It's a great book. If you like this kind of stuff (I know I do) this book contains as much material on the subject as can reasonably fit in under 400 pages. If you like this stuff, read it.

    The pertinent chapter for this thread is titled "A Little Bit Stupid" in which John Draper exploits recently automated [*] "busy verification" to eavesdrop on a primary line of the San Francisco FBI. How do you like them apples, with the roles reversed? (Hint: not very much, not very much at all.)

    [*] It had become a little bit too automated in certain large American cities, which additionally qualifies this material for the Boy Scout merit badge "Stolid and Stupider", though that's a much harder-to-tell story about design incompetence internal to greed-addled AT&T.

    Even though Draper bragged to a turncoat, he was still protected by the FBI's nearly impenetrable internal aura of "impossible things can't happen to us" until Draper demonstrated the technique while his turncoat buddy made a tape recording.

    "All hell broke loose," recalls an anonymous source familiar with the investigation. " ... Headquarters wanted this case solved, fast," the source remembers. "In thirty years, it's the most freedom I've ever seen special agents given in a case. All they had to do was sneeze and say, 'I need a Lincoln Continental' and there would be one parked out in front of the building. Headquarters wanted it solved, whatever it would take, and there were no questions asked.

    Why so much fuss? To protect the rectitude of lovable Uncle Sam? Probably not so much. Because tight-assed officialdom in positions of power say a great many things they definitely don't wish to defend against the harsh light of day? You be the judge.

    Really, I don't know how Lapsley managed to write this entire book and not intrude more into the obvious. Perhaps two hundred pages of draft manuscript hit the floor in the editing process. (I know every third sentence in my first draft would have contained judgmental invective.)

    Here's another thing that freaked out the FBI. The hackers weren't even savvy enough to try to market their incredible capability to the highest bidder (Sold!—to the secret undercover double-agent Flim Colby) and they weren't actually taking any money! or drugs! or prostitutes! so you can't even release the scent hounds.

    Alfred Hitchcock [goodreads.com]

    We are now having a very innocent little chat. Let's suppose that there is a bomb underneath this table between us. Nothing happens, and then all of a sudden, "Boom!" There is an explosion. The public is surprised, but prior to this surprise, it has seen an absolutely ordinary scene, of no special consequence. Now, let us take a suspense situation. The bomb is underneath the table and the public knows it, probably because they have seen the anarchist place it there.

    Action is where your crepuscular adversary has taped your intimate moments of conspiratorial graft and offered it up to the highest bidder. The FBI loves action.

    Suspense is where your glazed-doughnut adversary has recorded your intimate moments of conspiratorial graft, and doesn't even give a shit, so pretty soon compromising cassette tapes are bouncing around on the dashboard of some horrible mid-seventies beater or tossed randomly into a shoe box of bad Country and Western ($2 obo) at someone's yard sale. The FBI hates suspense.

    You see? I'm terribly prone to editorialising.

    Anyway, my point about the SS7 hack is pretty much "dog bites man". This kind of thing has been ubiquitous since the first long-hair envious AT&T engineer included "observability" in his desiderata concerning globally distributed systems undergoing a Groundhog Day–esque eternal-September late pubescent growth spurt.

  • So my non-tech friend who happens to be way too nice of a person crossed paths with a sociopath female who has been monitoring all his texts, calls and tracking him at different locations (and showing up) and then calling his ex girlfriends (or current ones) to let them know where he's at, who hes with and what's being said.. Being somewhat a tech person myself, we set up all new passwords, factory reset, two way authentication, changed his phone number, etc, etc... Now since I am not around him at all tim

The Shuttle is now going five times the sound of speed. -- Dan Rather, first landing of Columbia

Working...