Sharyn Alfonsi: Is one phone more secure than another? Is an iPhone more secure than an Android?
Karsten Nohl: All phones are the same.
Sharyn Alfonsi: If you just have somebody’s phone number, what could you do?
Karsten Nohl: Track their whereabouts, know where they go for work, which other people they meet when– You can spy on whom they call and what they say over the phone. And you can read their texts.
We wanted to see whether Nohl’s group could actually do what they claimed — so we sent an off-the-shelf iPhone from 60 Minutes in New York to Representative Ted Lieu, a congressman from California…
As soon as I called Congressman Lieu on his phone, Nohl and his team were listening and recording both ends of our conversation…
They were able to do it by exploiting a security flaw they discovered in Signaling System Seven — or SS7. It is a little-known, but vital global network that connects phone carriers…
Karsten Nohl: I’ve been tracking the congressman…
Karsten Nohl: The congressman has been in California, more specifically the L.A. area, zoom in here a little bit, Torrance…
Sharyn Alfonsi: Are you able to track his movements even if he moves the location services and turns that off?
Karsten Nohl: Yes. The mobile network independent from the little GPS chip in your phone, knows where you are.
They did all that from a warehouse in Germany, starting with just a slip of paper with the cell phone number on it. From there they could get all the other phone numbers which talked with that phone number, and do the same things to those phones. You can see how fast any network’s operational security would fall apart the moment they used that cell phone network. All you’d need is one number, and you are in on the entire network’s communications.
That SS7 network is what all cell phones access in order to send and receive calls and texts, so iPhone, Android, etc means nothing unless each end of the call uses a special phone which encrypts and decrypts the call end to end, and even then I wouldn’t be surprised to find they had infiltrated that company and inserted a backdoor in the encryption.
Have no doubt, it almost certainly isn’t an accident that exploit is still hanging around. If that hole could be easily closed, it would not be closed, until our domestic and international intelligence apparatus felt it had a suitable replacement.
So if you become a target of interest to them, if you use a cell phone, no matter what OS, they are listening to your calls. I’d bet all traffic on the SS7 network is recorded and stored, for later access. So if you dream of becoming somebody tomorrow, understand that one day they will listen to your calls from yesterday.
Also interesting was how logging onto a Wifi network is immediately opening a door, given that you can never be absolutely sure the Wifi you log onto isn’t a spoof of the network you are trying to log onto, which could even be jammed prior to reaching you:
It started when we logged onto the hotel Wi-Fi — at least it looked like the hotel Wi-Fi. Hering had created a ghost version–it’s called spoofing.
Sharyn Alfonsi: I mean, this looks legitimate.
John Hering: It looks very legitimate. So you’re connected?
Sharyn Alfonsi: I am.
John Hering: And I have your email.
Sharyn Alfonsi: You have access to my email right now–
John Hering: Yeah. It’s coming through right now. I actually can s– I now have a ride-sharing application up here, all the information that’s being transmitted, including your account ID, your mobile phone, which I just got the mobile number. Then, more importantly, I have all the credit cards associated with– with that account.
When Sharyl Attkisson’s laptop had its malware updated (who would think they actually issue updates for the malware they put on their target’s machines?), it was done at a hotel. Little did she know the “Hilton Wifi” network she logged onto was a super strong signal being issued from the room next door, while the room below was jamming the weaker, but real Hilton Wifi signal she wanted.
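A check a laptop or wireless IDS could run against the spoofed hotel network described above, as an added example that is not part of the original post. The SSID, MAC addresses, baseline survey and thresholds are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str     # access point MAC address
    security: str  # "open", "wpa2" or "wpa3"
    rssi_dbm: int  # received signal strength

# Trusted site survey taken earlier (constructed values, not real devices).
BASELINE = {
    "HotelGuest": {
        "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
        "security": "wpa2",
        "max_rssi_dbm": -55,  # strongest reading seen for the real APs
    },
}
SECURITY_RANK = {"open": 0, "wpa2": 1, "wpa3": 2}

def beacon_findings(beacon, baseline=BASELINE, rssi_margin_db=15):
    """Return the reasons one beacon looks like a spoof of a known SSID."""
    known = baseline.get(beacon.ssid)
    if known is None:
        return []  # no baseline for this SSID, nothing to compare
    findings = []
    if beacon.bssid.lower() not in known["bssids"]:
        findings.append("unknown-bssid")
    if SECURITY_RANK.get(beacon.security, 0) < SECURITY_RANK[known["security"]]:
        findings.append("security-downgrade")
    if beacon.rssi_dbm > known["max_rssi_dbm"] + rssi_margin_db:
        findings.append("rssi-anomaly")
    return findings

def scan_report(beacons, baseline=BASELINE):
    """Map suspicious BSSIDs to their findings for one scan."""
    seen = {b.bssid.lower() for b in beacons}
    report = {}
    for b in beacons:
        findings = beacon_findings(b, baseline)
        # The real APs vanishing while a lookalike is on air fits jamming.
        if findings and not (baseline[b.ssid]["bssids"] & seen):
            findings.append("legit-aps-absent")
        if findings:
            report[b.bssid.lower()] = findings
    return report

# Constructed scan entries: one real AP and a louder, open lookalike.
REAL = Beacon("HotelGuest", "02:00:00:aa:00:01", "wpa2", -70)
TWIN = Beacon("HotelGuest", "02:00:00:bb:00:09", "open", -30)
```

A lookalike can also copy a known BSSID, so the security and signal checks matter as much as the address check; none of them replaces end-to-end encryption of the traffic itself.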
Interesting stuff as we close on the Apocalypse. These times are just unreal. If events go badly at some point and the government is openly taken over by the rabbits and turns on the right, it will take some adjusting to the new intelligence landscape.
SS7 isn’t just cell phones, it is the entire phone network. Cell phones have the advantage of adding in location, because the SS7 network needs regular Location Updates from your phone to know which cell to route a call to you at. So your phone sends out a “here I am” signal every few minutes, and the SS7 system triangulates you. It used to do just a basic, “which tower has the strongest signal?” test, but then they figured out that they can manage soft handoffs between cells better if they knew your location to a higher degree of precision, so that is what they do.
(Full disclosure — I worked on a couple of SS7 patent cases about 10 years ago, but not much has changed, because it can’t.)
SS7 doesn’t handle the actual call, though, so they aren’t recording the call or listening in to it from there. SS7 is responsible for the actual routing of the call, so you first get all the metadata for the account (because all of that is recorded for billing) and if you have full control of the network and not just monitoring what the network is doing, you can send it through a man-in-the-middle attack (routing both calls to a conference call that you also connect to and record.) You can set the forwarding feature up to do that automatically, so that every time your target called someone or was called, your phone would also ring. (Set that up to an automated system, and it answers that call and starts recording.)
None of this requires state sponsorship if you’ve cracked SS7 and can inject commands into the network.
The power is in the phones and other devices now to do the encrypting with TLS (SSL is crap now, been thoroughly hacked. Go now to your internet browser options, click on TLS and uncheck any SSL and refuse any connection that doesn’t use TLS, preferably the higher version number, go ahead, I’ll wait)….. *
But the phones and the phone companies don’t do it … why? well for the phone companies, overhead. Takes more bandwidth for them. And laziness. This will be like mandatory seatbelts in cars. Not the mandatory use, just the existence. People will continue fat DUMB and obliviously happy until something traumatizes them, like an apocalypse.
*not all web pages use ssl or tls. Just those that are HTTPS (s for secure), but ANY connection involving money (bank accounts, credit cards, the Department store website, Amazon) all should be requiring an HTTPS connection and say that in the address bar.