On the surface, your basic mobile phone number might seem like one of the least innocuous pieces of information that can be given out.
What harm can it do besides let people make phone calls to you? Even then, most of these can be ignored or otherwise roll over to voice mail.
A new report suggests that the phone number could be a gateway to much worse than some unpleasant calls.
The first word about this particular hack goes all the way back to 2014, but recently it has resurfaced, and it seems a bit stronger this time around.
With the phone number in hand, it’s possible for anyone who actually has the number to not only track the device, but read text messages and snoop on phone calls as well.
To accomplish all this, the hacker first needs to break into Signalling System No. 7 (SS7), a network interchange service that allows calls to connect between users.
Once that’s done, the specific phone numbers traffic can then be monitored in a style that sounds similar to a man-in-the-middle attack.
Worse yet, according to the flaw’s original discoverer Karsten Nohl—who actually managed to exploit the flaw to snoop on the movements of California Congressman Ted Lieu—is that there’s not much a regular person can do to protect themselves against such a hack.
Reasonable enough, especially since what’s required is to break into a completely separate system and use its access to get into our devices.
Really, the only reasonable protection involved is for SS7 to jack up its security to levels that might best be described as “paranoid.” If no one but authorized users can get into SS7, then this whole hack might be cut off at the roots.
At least for right now that seems to be the only real alternative aside from never handing out a mobile number; if no one has the number, no one can use it as a hacking point.
Sometimes, some threats are beyond our ability to protect ourselves. Here, only vigilance will provide us any measure of security as we watch for threats to emerge and respond accordingly, reacting after the fact.
It’s perhaps the worst kind of security plan, but in this case, it’s about all there is.
0 comments:
Post a Comment