hehehe.....Hackers have again demonstrated that no
matter how many security precautions someone takes, all a hacker needs
to track their location and snoop on their phone calls and texts is
their phone number.
The hack, first demonstrated by German
security researcher, Karsten Nohl, in 2014 at a hacker convention in
Hamburg, has been shown to still be active by Nohl over a year later for
CBS’s 60 Minutes.
The hack uses the network interchange
service called Signalling System No. 7 (SS7), also known as C7 in the
United Kingdom or CCSS7 in the United States, which acts as a broker
between mobile phone networks. When calls or text messages are made
across networks, SS7 handles details such as number translation, SMS
transfer, billing and other back-end duties that connect one network or
caller to another.
By hacking into or otherwise gaining
access to the SS7 system, an attacker can track a person’s location
based on mobile phone mast triangulation, read their sent and received
text messages, and log, record and listen into their phone calls, simply
by using their phone number as an identifier.
Nohl, who is currently conducting
vulnerability analysis of SS7 for several international mobile phone
networks, demonstrated the hack for the CBS show. He tracked a brand new
phone given to US congressional representative, Ted Lieu, in California
from his base in Berlin using only its phone number. Nohl pinpointed
Lieu’s movements down to districts within Los Angeles, read his messages
and recorded phone calls between Lieu and his staff.
The biggest issue for consumers is that
there is little they can do to safeguard against this kind of snooping,
short of turning off their mobile phone, as the attack happens on the
network side, regardless of the phone used.
Nohl said, “The mobile network is
independent from the little GPS chip in your phone, it knows where you
are. So, any choices that a congressman could have made, choosing a
phone, choosing a pin number, installing or not installing certain apps,
have no influence over what we are showing because this is targeting
the mobile network. That, of course, is not controlled by any one
customer.”
Hackers have proven that they can break
into SS7, but security services, including the US National Security
Agency, are also thought to use the system to track and snoop on target
users.
- Source: Samuel Gibbs
Even if you keep your smartphone safe in
your pocket or purse, it is still at risk for picking up a virus or
leaking data to thieves. Hackers don’t need physical access to your
phone to steal your personal information or infect the device with
malware. They infiltrate your phone with innocent-looking apps or link
it via unsecured Wi-Fi networks. However, you can keep hackers from
getting the upper hand by taking the following steps to secure your
smartphone:
Step 1
Lock your phone when you are not using
it. Set a password and change it regularly to prevent others from
guessing it. Lock patterns are an alternative if you have trouble
remembering your password. Your phone may also have a facial-recognition
lock feature. If this is on, the device unlocks only when the camera
detects your face. Voice recognition is another option; with this turned
on, your phone needs to hear your voice say a specific word or phrase
to unlock.
Step 2
Activate your phone’s tracker
capability, if it has one. If your phone supports this feature, you can
see its location on a map and track the device when it moves. If your
phone is stolen or lost, use the tracker app to lock it remotely. This
makes it harder for hackers to access your data.
Step 3
Update your phone’s firmware to the most
current version. Many phones do this for you automatically, but if you
have turned this option off, you will need to download the update
manually. You can download the latest update directly from your phone.
Alternatively, connect your phone to the computer and launch the
software that came with the device. The application will connect to the
download Web page and install the firmware on your phone.
Step 4
Install apps on your phone only if they
come from a trusted source, such as the manufacturer’s app store. Most
official app stores verify the authenticity of their products, so they
are much safer. Before downloading any app, read the description and
reviews so you understand what you are getting.
Step 5
Check an app’s permissions before
installing it. If an app requests access to your personal information,
do not install it, simply deny the request.
Step 6
Avoid leaving your phone alone in a
public place, such as on a restaurant table or on your office desk. If
you must leave the phone, keep it locked and hide it somewhere, such as
in a drawer, to prevent theft.
Step 7
Delete text messages from unknown
senders that ask for your information, and avoid clicking links in
messages. Some hackers send messages that appear to be from your bank or
another trusted source. If you click the link in the message, the
hacker can steal your information or install malware on the phone. Do
not download apps via text message; this is a common way for hackers to
infect your device.
Step 8
Access the Internet on your phone only
from a secure Wi-Fi network. Wi-Fi networks that aren’t secure allow
nearby hackers to intercept your data when you get online. Don’t do any
shopping or banking on a public Wi-Fi network; hackers can swipe your
bank account number or other financial information. Instant-messaging
and other communications apps may contain security holes that allow
hackers to snatch your personal data. If you have access to a cellular
network, use it instead of public Wi-Fi.
Step 9
Protect your phone with an antivirus app. Check your phone’s app store to see what’s available for your device.
No comments:
Post a Comment