Update: Rep. Ted Lieu has now written to the Chairman of the House Committee on Oversight and Government Reform requesting a formal investigation into the vulnerability. In his letter, the Congressman says that the flaw threatens ‘personal privacy, economic competitiveness and U.S. national security.’ The full text of his letter can be found at the bottom of the piece.
Apple may take iOS security so seriously that it’s willing to do battle with the FBI over it, but German hackers have demonstrated that all phones – even iPhones – are susceptible to a mobile network vulnerability that requires nothing more than knowing your phone number. Armed with just that, hackers can listen to your calls, read your texts and track your position.
60 Minutes invited the hackers to prove their claims by giving a brand new iPhone to Congressman Ted Lieu – who agreed to participate in the test – and telling the hackers nothing more than the phone number. The hackers later replayed recordings they’d made of calls made on that iPhone …
They were able to do it by exploiting a security flaw they discovered in Signaling System Seven — or SS7 […] The SS7 network is the heart of the worldwide mobile phone system. Phone companies use SS7 to exchange billing information. Billions of calls and text messages travel through its arteries daily. It is also the network that allows phones to roam.
Karsten Nohl, a German hacker, with a doctorate in computer engineering from the University of Virginia, carried out the demonstration from a hacking conference in Berlin. In addition to recording calls and texts, he also demonstrated that he was able to track the Congressman’s location, even with the iPhone’s GPS turned off, using cellphone tower triangulation. Additionally, he was able to log the phone number of everyone who called the phone. None of this required any ability to access the iPhone itself, only the mobile networks.
Rep. Ted Lieu said that he was shocked by what the hackers had been able to achieve.
Last year, the president of the United States called me on my cellphone. And we discussed some issues. So if the hackers were listening in, they would know that phone conversation [and the President’s mobile number]. And that’s immensely troubling.
Nohl said that the SS7 vulnerability was well-known in some quarters, and that there was a reason it hasn’t yet been fixed.
The ability to intercept cellphone calls through the SS7 network is an open secret among the world’s intelligence agencies — -including ours — and they don’t necessarily want that hole plugged.
Lieu said that this was totally unacceptable.
The people who knew about this flaw and saying that should be fired. You cannot have 300-some million Americans – and really, right, the global citizenry – be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data. That is not acceptable.
While the court battle between Apple and the FBI is over, they will again face off in Congress tomorrow. Apple general counsel Bruce Sewell and FBI executive assistant director Amy Hess will testify on separate panels before House Energy and Commerce subcommittee. Separately, two members of the Senate Intelligence Committee have proposed a bill to force tech companies to decrypt devices for law enforcement, though one Senator has vowed to block the legislation with a filibuster.