CBS News’ "60 Minutes" ran a story about a phone carrier network vulnerability that has remain unpatched for years, even after being exposed by white hat hackers. The show gave Rep. Ted Lieu of California an iPhone, which was then hacked through a vulnerability in the Signaling System Seven (SS7) system used by carriers around the world to exchange billing information.
Back in December 2014, several white hat hackers, including Karsten Nohl, exposed how the carriers’ weakly protected SS7 system can be hacked by just about anyone, without too much expense. The targets could include even U.S. Congress members, as well as the U.S. President if he uses the regular carrier network for calls--as President Obama did last year when he called Rep. Ted Lieu of California directly, according to Lieu.
Hacking Rep. Ted Lieu's Phone
Karsten Nohl was contacted by the 60 Minutes team to try and hack the phone the team gave to Rep. Ted Lieu for this experiment. When the team later contacted Lieu, Nohl was able to hear their conversation with the Congressman, and he also recorded several subsequent calls Rep. Lieu made.
When the 60 Minutes crew played the recordings back to Lieu, he said it was creepy that hackers could do this to a Congressman, and that it also made him angry that the NSA knew about this but doesn’t want to fix the problem:
“They could hear any call of pretty much anyone who has a smartphone. It could be stock trades you want someone to execute. It could be calls with a bank,” Congressman Ted Lie noted in 60 Minutes segment.
“That the people who knew about this flaw and saying that should be fired. You cannot have 300-some million Americans--and really, right, the global citizenry be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data. That is not acceptable,” he added.
Intelligence Agencies Must Take Responsibility For Weak Security
The phone networks both in the U.S. and abroad were built on weak security decades ago, in part because they didn’t realize how vulnerable these systems could be in the future, and in part because intelligence agencies wanted their phone calls to be easily intercepted. However, this has now backfired in a significant way, with any hacker from anywhere in the world being able to spy on phone calls or texts from a U.S. Congressman, or a judge, journalist, or anyone who they may deem a target.
This is yet another failure of the intelligence agencies and governments who put spying ahead of actual security. It’s now been proven again and again that when you put holes into a system’s security, those holes can be used by anyone once they're discovered. It’s usually just a matter of time until those holes are discovered, but then it may take many more years to fix, because it’s too hard to get all the global phone carriers to upgrade to a more secure system all at once.
We’re now about to upgrade to another next-generation network, the 5G network, but yet again it doesn’t seem like security is a primary focus. With 5G supposed to arrive by 2020, and then last for at least another 7-8 years before upgrading to something else, we’re looking at another 10-15 years in which the security of the phone networks would be vulnerable to hackers.
The intelligence agencies always seem to talk about how important cybersecurity and protecting critical infrastructures is (in which phone networks are included), but they never seem to prioritize strong security over the spying capabilities within these systems.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.