All that hackers need to listen in on your phone conversation or to read your text messages or to track your movement is your smartphone number.
They can do this by exploiting a flaw in a global telecom network called Signal System 7 (SS7) that helps phone carriers across the world route calls and texts.
Now, a 60 minutes investigation has revealed just how easy it is to exploit this vulnerability, and according to experts, all phones are at risk.
The program sent an iPhone to congressman Ted Lieu, a member of the House Oversight and Reform Subcommittee on Information Technology.
He agreed to use the phone knowing it would be hacked by Security Research Labs in Berlin – and the results were surprising.
Using the congressman’s new phone number, the hackers accessed a flaw in SS7, a global network that connects phone carriers.
They were then able to access almost everything on his phone, including listening to and recording calls, tracking his movement and viewing his contacts.
Karsten Nohl, one of the hackers who cracked Lieu’s phone, said that all phones were at risk.
‘[We can] track their whereabouts, know where they go for work, which other people they meet when.
‘You can spy on whom they call and what they say over the phone. And you can read their texts.’
Criminals, commercial spies and suspected terrorists are allegedly exploiting the security loophole for their own benefit by accessing the system.
The flaws discovered by the German researchers are actually functions built into SS7 for other purposes.
These include keeping calls connected as users speed down highways, switching from cell tower to cell tower.
However, hackers worked out a way to repurpose the features for surveillance because of the lax security on the network.
The Berlin-based Security Research Lab, which discovered the problem last August, said a skilled person could exploit the flaws to eavesdrop on the phone calls, text messages and data traffic of billions of people.
‘It’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers,’ said The Washington Post when it first uncovered flaws in the system earlier this year.
Experts say it is one of the biggest threat to privacy breaches the world has ever seen.
60 Minutes points out that most hackers don’t go through SS7 to hack your device.
The show interviewed Lookout Security cofounder John Hering, who highlights some of the other ways that hackers can get access to a phone.
One technique was creating a ghost version of a hotel Wi-Fi system.
‘It looks very legitimate. So you’re connected?,’ says Hering.
Sharyn Alfonsi, the 60 minutes reporters, say: ‘I am.’
Hering: ‘And I have your email.
‘It’s coming through right now… know have a ride-sharing application up here, all the information that’s being transmitted, including your account ID, your mobile phone, which I just got the mobile number.
‘Then, more importantly, I have all the credit cards associated with – with that account.’
Last year, 60 Minutes, performed the same SS7 hack and showed it was able to intercept calls, steal data and geo-track someone’s location.
The investigation followed a phone conversation between the reporter speaking from Germany and Independent senator Nick Xenophon, who was at the Parliament House in Canberra at the time.
With the help from German hacker Luca Melette, who works as a consultant in security agencies, he demonstrated the process of tracking and bugging vulnerability of smartphones by tapping into SS7.
‘What if I could tell you senator, that it’s possible to listen in to any mobile phone from anywhere in the world – would you believe me?’ reporter Ross Coulthart asked as the hacker listened on.
But Mr Xenophon responded: ‘I find it very hard to believe.’
Mr Coulhart went on to ask the senator for consent to have their conversation recorded, in which Mr Xenophon said: This seems like science fiction, I don’t believe they can pull it off.
‘But if you reckon they can pull it off, I give my consent but I find this incredibly hard to believe.’
The The American Civil Liberties Union has even warned people against using their handset in light of the breaches.
‘Don’t use the telephone service provided by the phone company for voice,’ principle technologist Christopher Soghoian told Gizmodo.
‘The voice channel they offer is not secure.
‘You can use FaceTime, which is built into any iPhone, or Signal, which you can download from the app store.
‘These allow you to have secure communication on an insecure channel.’
He also believes that security agencies could be using the flaws.
‘Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation.
‘They’ve likely sat on these things and quietly exploited them.’