Dive Brief:
-
Hackers can eavesdrop on phone calls, read text messages and pinpoint someone’s location through a simple loophole in cell phone security, according to a report that aired Sunday night by CBS News’ "60 Minutes."
-
To gain access, hackers exploit a flaw in Signaling System No. 7 (SS7), a system that orchestrates information sent between phone networks.
-
German security researcher Karsten Nohl first exposed the flaw more than two years ago, though there is no evidence that the Federal Communications Commission, which regulates cellular service, has addressed it.
Dive Insight:
To demonstrate the flaw, "60 Minutes" hacked into Rep. Ted Lieu’s cell phone with permission.
"They could hear any call," said Lieu, D-Calif. "It could be stock trades... it could be calls with a bank."
Smartphone apps that encrypt data before it leaves the phone – such as Signal, WhatsApp or Apple’s iMessage service – appear to be the only way to completely prevent such a hack at this time.
Given Apple’s high-profile battle with the Department of Justice as well as revelations such as this one about cell phone security, encryption is becoming a bigger selling point for both consumers and businesses alike.
Encryption will likely become the rule as companies face pressure and public scrutiny if they do not act to boost privacy. WhatsApp, for example, recently made end-to-end encryption the default setting for its mobile messaging application.
