A simple phone number may be all it takes for cybercriminals to gain access to a host of additional private and sensitive information found on a mobile device.
The hack, which was first reported back in 2014, has resurfaced again as still being active, and essentially, it lets anyone — government, hacker, etc. — with access to a phone number track the location of the phone itself, as well as snoop on phone calls and text messages, The Guardian reported on Monday (April 18).
By gaining unauthorized access into the network interchange service called Signalling System No. 7 (SS7), which acts as a broker between mobile phone networks, a hacker is able to use a specific phone number as an identifier to see a device's location, as well as read sent and received messages and even listen in on phone calls.
Karsten Nohl, the German security researcher who first discovered the vulnerability, recently demonstrated the hack for the CBS show "60 Minutes." According to The Guardian, he was able to use the phone number associated with a brand new mobile device issued to U.S. Congressman Ted Lieu in California to access data and track movements of the phone — all from his base in Berlin.
“The mobile network is independent from the little GPS chip in your phone; it knows where you are. So, any choices that a congressman could’ve made — choosing a phone, choosing a PIN number, installing or not installing certain apps — have no influence over what we are showing because this is targeting the mobile network,” Nohl said. He explained that the biggest threat for consumers is that they really have no way of protecting themselves from this type of attack on their privacy.