“Apple may take iOS security so seriously that it’s willing to do battle with the FBI over it, but German hackers have demonstrated that all phones – even iPhones – are susceptible to a mobile network vulnerability that requires nothing more than knowing your phone number,” Ben Lovejoy reports for 9to5Mac. “Armed with just that, hackers can listen to your calls, read your texts and track your position.”
“60 Minutes invited the hackers to prove their claims by giving a brand new iPhone to Congressman Ted Lieu – who agreed to participate in the test – and telling the hackers nothing more than the phone number. The hackers later replayed recordings they’d made of calls made on that iPhone,” Lovejoy reports. “Karsten Nohl, a German hacker, with a doctorate in computer engineering from the University of Virginia, carried out the demonstration from a hacking conference in Berlin. In addition to recording calls and texts, he also demonstrated that he was able to track the Congressman’s location, even with the iPhone’s GPS turned off, using cellphone tower triangulation. Additionally, he was able to log the phone number of everyone who called the phone. None of this required any ability to access the iPhone itself, only the mobile networks.”
Lovejoy reports, “Nohl said that the SS7 vulnerability was well-known in some quarters, and that there was a reason it hasn’t yet been fixed. ‘The ability to intercept cellphone calls through the SS7 network is an open secret among the world’s intelligence agencies — -including ours — and they don’t necessarily want that hole plugged.'”
Read more in the full article here.
MacDailyNews Take: Not an iPhone or iOs vulnerability, specifically, but a mobile network vulnerability.