On April 17, Sharon Alfonsi on 60 minutes had a segment called "
Hacking Your Phone" She reported that hackers have discovered a flaw in the "SS7" system that controls all phones throughout the world that allows anyone with knowledge of the flaw to gain complete access to a phone. The hacker can listen to our calls, copy all of our emails and texts and see all of our passwords. She arranged a demonstration where hackers John Herring and John Oberheide hacked Congressman Ted Lieu's phone. They could even remotely install malware onto the Congressman's phone that would allow them access to the phone's camera and were able to see everything his camera was pointing at without the Congressman's knowledge the phone was active.
So this shows that even with encryption and all of the modern security features of our phones, "bad guys" can get into our phones. What should we do? Should we stop all internet activity from our phones? This remarkable revelation may put a serious damper on the movement to do everything using our mobile phones. That could, in turn, affect the overall economy.
It appears that phone companies are aware of the flaw, and have known about it for a long time. They were quoted as saying that it is a vulnerability in Europe, but not the US ---but the demonstration was, in fact, done in the US with US carriers. So we know our US system is vulnerable.
I am suspicious that our Federal Government agencies: FBI, NSA, CIA, Treasury Dept, Homeland Security etc may be aware of the flaw, and if so, are actively exploiting it both within the US and around the world as well. I also suspect that the US Carriers are forbidden by those agencies from revealing that fact, or the fact of the SS7 flaw, because those agencies would like to continue to use it against the organizations and individuals that those agencies believe are "bad guys." Those agencies do everything they can to protect their secret access to our phones. Today's USA Today had a column by Brad Heath entitled "
FBI Urges Agents to Keep Secrets - From Each Other . I also suspect that what they are hiding is the fact that they can hack into our phones and our car's "On-Star" type systems and don't want citizens and defense attorneys to know they can do it.
Near the end of the 60 minutes report, Congressman Ted Lieu said that if our intelligence agencies know about this flaw and didn't report it, that they should be fired. I believe Congress should investigate to find out if, in fact, agencies are exploiting this flaw. If they are using it, some leaders should be fired.
I also think Congress should push immediately to close the "flaw" in SS7, and if necessary should appropriate resources to do it. We really need some sort of independent agency to test all such communication systems and devices for serious flaws and make sure they are, in fact, secure.
