17th August 2015
The end of privacy as we know it: 60 Minutes uncovers huge mobile phone security vulnerabilities
IT’S the dirty little secret that’s facilitating what’s being called the biggest breach of privacy ever.
Government, security agencies and the telecommunications industry will be forced to explain a security hole that allows hackers to listen in to conversations and hijack Australians’ mobile phones after it’s exposed by a 60 Minutes investigation, the program claims.
In an investigation into mobile security spanning three continents, reporter Ross Coulthart believes he has uncovered a security vulnerability that could affect any of us, and there’s nothing being done to stop it.
“What it means is that your smartphone is an open book,” he told news.com.au
“Criminals now have access to these huge security holes to steal your data and listen in to your calls. We know telephone companies know about it, we know security agencies know about it, but nothing is being done.”
By tapping in to SS7, a signalling system in use by more than 800 telecommunication companies across the world including major Australian providers, hackers are able to listen in to conversations, steal information stored on mobile phones, and track the location of the phone’s user.
The system, Coulthart says, has long been in use by spies and has been a secret of perpetrators of international espionage. It’s believed to be the very tactic used by Australian spies in tracking the phone calls of the wife of the Indonesian president, Coulthart says. But recently, organised crime, commercial spies and potential terrorists have been exploiting this security loophole for their gain, 60 Minutes claims to have uncovered.
“The allegation in our story is the reason this security vulnerability has not been fixed is because it suits the spooks,” Coulthart said.
“Until very recently corporate criminals didn’t know about it, but now it’s very clearly being misused by corporate and organised crime.”
With the help of a German hacker, who also works as a consultant to security agencies, and using Independent Senator Nick Xenophon as a guinea pig the program shows how easy it is for a politician’s mobile phone, or anyone’s for that matter, to be intercepted and listened in on.
“We were able to then track that phone on a map,” Coulthart said.
“You can imagine what that means for a company executive going to a secret meeting or a prime minister travelling around the world.
“But it’s not just those sorts of people who are vulnerable, basically it means your smartphone is an open book and you can no longer assume that it’s just the intelligence services or police that might be listening to your phone.”
Using a cryptophone, which allows the detection of the use of devices known as IMSI-catchers (International Mobile Subscriber Identity) that facilitate mobile eavesdropping, Coulthart said he was alerted to at least 10 devices trying to hack into his calls while in Sydney.
“I detected multiple intercepts, including right outside the Australian Stock Exchange,” he said.
“It’s pretty surreal to be standing outside the stock trading centre, and to be hacked. I hope it was law enforcement, but knowing how criminals use these devices there was a question mark in my mind.”
Coulthart says intercepts were also detected “all over particular suburbs in Sydney”.
“A quiet residential suburb, and your phone’s being hacked. It may be a drug dealer, hopefully it’s the cops, but one of the things we drill down on in this story is that there is no monitoring for these kinds of devices. We’re confident that at least some of the devices we tracked are operating illegally.”
Coulthart said he found the security vulnerabilities uncovered “mind-boggling”, and said Xenophon felt the same pledging to demand a full inquiry into the issue.
“It’s the end of privacy as we know it, and what’s really disturbing is that this is vulnerability that was first identified back in 2008,” he said.
“Then it was speculated that it could be used to track people, but now we’ve proven that it can be used to secretly listen in on phone calls. It’s just the most breathtaking breach of privacy, I think, ever.
“The government, security agencies, and telecommunications industry, need to explain why this hole has not been fixed.”