No device is completely safe, no operating system is inviolable. A group of German hackers demonstrated how well it is possible to eavesdrop on iPhone using the mobile network vulnerabilities.
Apple and FBI will also continue to argue over who gets to help those who, when and how, but, in the meantime, a group of German hackers demonstrated how all phones, including the iPhone, are subject to a serious vulnerability of the mobile network. Just knowing the phone number of a user to listen to conversations, read the SMS or pinpoint the location of the device.
The television program on CBS, 60 Minutes, invited studio hackers to witness their affirmation. It 'been given an iPhone to Representative Ted Lieu - who agreed to participate in the test - which has only provided the hacker only their phone number who reported all calls made to and from that phone.
They managed to intercept conversations exploiting a security flaw in the network SS7 , the heart of the global mobile phone system. The telephone companies use this set of protocols for the exchange of billing information. Every day billions of calls and messages run through this communication system.
Karsten Nohl, a German hacker with a doctorate in computer engineering from the University of Virginia has demonstrated the flaw by a hacker conference in Berlin. In addition to calls and text messages, Nohl showed how it was possible to trace the location of the device provided to a member of Congress even with the iPhone GPS turned off, thanks to cellular triangulation and was able to record all the phone numbers you have called the deputy. Without intervening on the device but only thanks to the mobile network.
Ted Lieu said he was upset about the demonstration:
Last year, the US President called me on my cell phone, and we talked about several issues. If hackers were listening would know everything that we said but, also, they would have the cell phone number of the president. This is immensely disturbing.
Nohl said that the SS7 network vulnerability is well known, and there is a reason why nobody has yet stepped in to fix it:
The ability to eavesdrop on cell phone calls through the SS7 network is a secret of the intelligence agencies around the world to which the casings must not be correct.
For deputy Lieu, all this remains unacceptable " The people who knew about this problem and did nothing to correct it should be fired. It is possible that 300 million Americans and the rest of the world should be at risk interception for a known bug only because the intelligence services can exploit it. It is not acceptable. "
No comments:
Post a Comment