Our phones are the fondest pieces of technology we have in our lives. Some of us have grown so attached to our phones that there is that “I’m missing something” feeling each time we leave the house without our phones in our pockets. Hackers, the bad guys we like to fear, have now come up with a way to hack phone number. This time round, rather than using malware to get into your phone, they are using the phone number itself. Nothing more. Then they can listen to your calls, read your texts and even know where you are.
Still Going Strong
This trick of using a phone number alone to hack the phone was first demonstrated by Karsten Nohl, a security researcher from Germany about a year ago. Recently, Nohl has again demonstrated that this loophole is still available and can be used by hackers to get into phones and other communication channels. The loophole being used by hackers is either too difficult to do away with or the exploitation is way too integrated into the phone to remove it.
Signalling System Number 7
Signalling System Number 7 is the network interchange service that allows networks to communicate. Literally, it is the service that allows calls and texts and other services connected to the phone to take place. It is referred to as C7 in the United Kingdom and CCSS7 in the United States and has been the main route used by hackers to spy on people. Government agencies such as the CIA are also notorious for taking advantage of this same flaw to hack phone numbers. Its use can be found in the transfer of SMS, translation of the number, and billing of a user’s number during SMS or calls.
How Far it Goes
Using this loophole, hackers can do so much more than people previously thought. Even more worrying is the fact that neither the network service provider nor the user will know about the tapping of the calls and texts. The C7 can be employed to read the text messages one has sent and received, find their location using mast triangulation, listen in to their calls and even access their call logs. All that is needed is your phone number.
No One is Safe
In demonstrating what the SS7 loophole could do, Nohl decided to perform the hack on a high profile individual who is none other than the US congressman Ted Lieu. He was able to track down the phone of the congressman from its location, read his texts, record his calls and much more. Nohl did all these while sitting in his Berlin office. If a high profile individual with a brand new phone and number can be snooped on this easily, what about the rest of the people? It is a scary situation.
The biggest and scariest issue has been that there is absolutely nothing users can do about this hack. It is not a case of Android versus iPhone or Windows or any other anymore. It is not about your phone number and the method you use to unlock it. Iris scanner? Fingerprint scanner? Pattern? PIN? Password? None of that stands in the way of this hack because it is executed on the network side and not your phone. As long as you have a phone number, you are vulnerable. Maybe switching off your device.
Nohl issued a statement that:
“The mobile network is independent of the little GPS chip in your phone, it knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That, of course, is not controlled by any one customer.”
Given that the loophole is yet to be sealed a year after it was found out, there could be many devices being hacked each day as time goes by. While the most likely case would be that of hackers breaking into people’s numbers, government agencies will also be making use of this flaw to snoop on people at will. While the government may be the lesser evil of the two groups, snooping remains snooping and nothing more or less. Until the communication service providers find a way out of this, it will remain a major risk for the billions of people all over the world with phone numbers. Pray that it finds that sooner rather than later.