[NewsPoster]

Security researchers have demonstrated they are able to monitor a live phone call between two parties, without resorting to an attack of either party's smartphone. A group of hackers in Germany showed that a phone call between a congressman and a reporter could be listened into and recorded by an outside party, highlighting that while device security is an important part of keeping content private, the calls themselves are still insecure.

The investigation by 60 Minutes on Sunday involved a new iPhone being provided to Representative Ted Lieu (D-CA), while only the phone number was provided to Security Research Labs of Berlin. The hacking group was able to listen in to both sides of the conversation, by abusing a vulnerability in the way calls are handled, without interfering with either party's mobile devices.

The vulnerability itself is in telephony protocols called Signaling System 7 (SS7), a piece of the telecommunications infrastructure that is needed for cellular calls to connect and for text messages to pass to other parties around the world. Karsten Nohl, a member of the hacking team, claims he was also able to track the congressman's movements through the same flaw. It was even possible for Nohl to acquire the phone number of someone Lieu's borrowed iPhone called or was called by, potentially giving an attacker another target to use the same vulnerability against.

Nohl advised the SS7 flaw was a considerable risk to the protection of privacy in calls between politicians and business executives, though it is unlikely to be closed easily. The flaw is said to be an "open secret" among intelligence agencies around the world, one that many would prefer to keep open and unprotected.

In response to these findings, Lieu suggests those working for intelligence agencies defending the flaw as bing "extremely valuable" due to the information that can be collected from it should be fired. "You cannot have 300-some million Americans – and really, right, the global citizenry be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data. That is not acceptable."

While the flaw exists for calls and texts, there are still ways users can make calls without being monitored in this way. Using apps with built-in encryption for messaging and calls bypasses SS7 entirely, but it does rely on the platform hosting the call being secure enough to keep intruders out, as well as making sure the mobile devices involved in the call are equally protected.

[horst]

In the same 60 Minutes segment, by receiving a simple text message, an Android smartphone was hacked to provide video from its front-facing camera without the user's knowledge. That's the Swiss-cheese security in Android.

[Makosuke]

I can't say I find this surprising--the telephone system has, to date, always been extremely insecure.

From the 1870s through the 1990s the system was built such that anyone with physical access to the wires anywhere near either caller could surreptitiously listen in on a call (or place calls from someone else's phone) with cheap hardware and a rudimentary knowledge of how phone systems work. Millions of endpoints are still vulnerable.

Same for cordless phones that were ubiquitous for a couple of decades--anyone in a few-hundred-foot range could easily listen in on a call with some cheap hardware and basic knowledge.

1G analog cell phones, again, totally unencrypted and, while somewhat more specialized equipment and knowledge was required, anyone in the vicinity could listen in on a call.

VOIP is often sent in the clear on an internal network, so even there many calls can be spied on if someone has access to the network.

Things got a little more secure with 2G and above digital cellular, but given the practically nonexistent security on every previous iteration of phone technology it's not much of a surprise that that sucks, too.

Yet another reason to use FaceTime audio instead of a call, I guess.