The U.S. Federal Communications Commission announced its plans to study the technology behind the mobile hack that allows cybercriminals to gain unauthorized access to a device just by knowing a phone number.
The threat allows cybercriminals to use a device’s phone number to track the location of the phone itself, as well as snoop on phone calls and text messages. German security researcher Karsten Nohl recently demonstrated the hack for the CBS show “60 Minutes,” showing that the phone number associated with a brand new mobile device issued to U.S. Congressman Ted Lieu in California was all that was needed for him to access data and track movements of the phone — all from his base in Berlin.
“The ’60 Minutes’ report highlights the inherent risk encountered when an end-of-life technology is incrementally replaced by a new one,” David Simpson, head of the FCC’s Public Safety Bureau, said in a statement. Simpson explained that the security attack utilizes the mobile network interchange service called Signaling System No. 7 (SS7) — which is now transitioning to more advanced and modern technologies — to perform its malicious deeds.
Though the bugs can be addressed with filters, firewalls and other security methods, Simpson said he expects the hack to still be used on SS7 for another 10 to 15 years, The New York Times reported.
“The mobile network is independent from the little GPS chip in your phone; it knows where you are. So, any choices that a congressman could’ve made — choosing a phone, choosing a PIN number, installing or not installing certain apps — have no influence over what we are showing because this is targeting the mobile network,” Nohl said about the threat earlier this week.
He explained that the biggest threat for consumers is that they really have no way of protecting themselves from this type of attack on their privacy.