While many of us think we know the extent of hackers can do, or at least that we can imagine it, new information would show that we’re completely mistaken in our assumptions. According to new data broadcast Sunday night on 60 minutes, there are far more things they can do that we can barely even begin to imagine.
For example, just so they can prove to the public that it can be done, a Germany-based cyber security company showed that hackers only need your phone number to eavesdrop on your calls, and even to locate you all over the world. And its’ all a pretty simple process, one that had apparently been known for quite a while.
For the public demonstration, US congressman Representative Ted Lieu gave permission to Karsten Nohl of the German cyber security group Security Research Labs to find out as much as he could about his day using just his phone number. This was all broadcasted on Sunday night, as part of 60 minutes.
Of course, the experiment was done to showcase the vulnerabilities we’re carrying around with us in the form of smart phones, and it showed that the white hat hacker could listen to crystal clear conversations that the congressman had, and also that he could easily track Lieu around different parts of southern California.
Well, it all has to do with a telephony signaling language used by more than eight hundred different telecommunications companies around the world to allow them to interconnect. Dubbed SS7, the language is what allows, for instance, T-Mobile users to connect to a different network when visiting another country.
There are two main problems with the signaling language. The first one is that it is only as strong as its weakest link. If any one of the over eight hundred companies has defenses low enough to be hacked, they are all at risk. Plus, the system is often used by banks to confirm that their clients are really near where they have made a huge purchase, so with enough skill, you could also attempt that route.
Yet another controversy
Proving once more that we can’t really let a day pass by without starting a whole controversy, it turns out that United States intelligence agencies have known for a long time about this vulnerability, and that they were all keeping silent. Of course, since it helps them, particularly the NSA, track users, it remained a commonly known secret among the heads of intelligence.
But this time, even the congressman has had enough. He claims that the people who knew about the vulnerability should all be fired. He stated that it’s totally not worth it for a few agencies to get their hands on some data at the expense of all the security and the myriad of personal data that could be leaked .
Image source: YouTube