A flaw in one part of the global cellphone network allows hackers to track phone locations and listen in on calls and text messages, 60 Minutes reported Sunday.
Hackers in Germany used the weakness in Signaling System Seven, or SS7, which carriers use to exchange billing information for roaming customers, in a demonstration to track and tap the calls of U.S. Rep. Ted Lieu (D-Calif.). 60 Minutes arranged the demonstration and Lieu knew hackers would be trying to tap his iPhone.
Anyone in the U.S. Government intelligence community who knew about the flaw and did nothing to fix it should be fired, Lieu said on the program.
Get Data Sheet, Coins2Day’s technology newsletter.
“You cannot have 300-some million Americans—and really, right, the global citizenry—be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data,” he said. “That is not acceptable.”
The SS7 hack can’t be blocked by ordinary phone security measures, such as using a passcode or encrypting the contents of the phone. Even turning off GPS-based location tracking wouldn’t help, as the hackers rely on location data from the cellphone network itself.
Mobile network operators can take steps to block hackers from exploiting the SS7 weakness, but not all have done so successfully. Congressman Lieu was using a U.S. Network in Los Angeles that 60 Minutes did not identify.
The program wasn’t the first to report on the SS7 vulnerability. The Washington Post reported in 2014 that German hackers had uncovered the problem and revealed it at a conference in Hamburg.
The CTIA, the U.S. Wireless industry trade group, said the problem was mainly with overseas networks.
“U.S. Wireless providers remain vigilant to protect their networks and their customers,” the group said in a statement. “While we are aware of the research hackers’ manipulation to exploit SS7 technology in the international wireless networks, it’s important to note that they were given extraordinary access to a German operator’s network. That is the equivalent of giving a thief the keys to your house; that is not representative of how U.S. Wireless operators secure and protect their networks. We continue to maintain security as a top industry priority.”