Security & Fraud

FCC Digs Deep In Spying Tech Used In ’60 Minutes’ Hack

The U.S. Federal Communications Commission announced its plans to study the technology behind the mobile hack that allows cybercriminals to gain unauthorized access to a device just by knowing a phone number.

The threat allows cybercriminals to use a device’s phone number to track the location of the phone itself, as well as snoop on phone calls and text messages. German security researcher Karsten Nohl recently demonstrated the hack for the CBS show “60 Minutes,” showing that the phone number associated with a brand new mobile device issued to U.S. Congressman Ted Lieu in California was all that was needed for him to access data and track movements of the phone — all from his base in Berlin.

“The ’60 Minutes’ report highlights the inherent risk encountered when an end-of-life technology is incrementally replaced by a new one,” David Simpson, head of the FCC’s Public Safety Bureau, said in a statement. Simpson explained that the security attack utilizes the mobile network interchange service called Signaling System No. 7 (SS7) — which is now transitioning to more advanced and modern technologies — to perform its malicious deeds.

Though the bugs can be addressed with filters, firewalls and other security methods, Simpson said he expects the hack to still be used on SS7 for another 10 to 15 years, The New York Times reported.

“The mobile network is independent from the little GPS chip in your phone; it knows where you are. So, any choices that a congressman could’ve made — choosing a phone, choosing a PIN number, installing or not installing certain apps — have no influence over what we are showing because this is targeting the mobile network,” Nohl said about the threat earlier this week.

He explained that the biggest threat for consumers is that they really have no way of protecting themselves from this type of attack on their privacy.

——————————

PYMNTS LIVE ROUNDTABLE: TUESDAY, JULY 14, 2020 AT 12:00 PM (ET)

Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

Click to comment

TRENDING RIGHT NOW