Congressman wants probe into 'open secret' phone hack

A vulnerability highlighted on "60 Minutes" could allow someone to track your whereabouts, listen to your phone calls and read your text messages just by knowing your phone number.

60-minutes-phone-hacking.jpg

"60 Minutes" shows how hackers can use a simple phone number to spy on calls.

"60 Minutes"/CBS News

US Rep. Ted Lieu learned firsthand how easily hackers can crack into someone's phone.

Now the California Democrat wants Congress to investigate a security flaw that allows strangers to hack into a mobile phone just by knowing the phone number.

Lieu participated in a demo of the flaw, which aired Sunday on CBS' "60 Minutes." (Editors' note: CNET is owned by CBS.)

Knowing nothing more than Lieu's phone number and the exploit itself, computer engineer Karsten Nohl hacked into Lieu's phone to track his location, view his contacts and listen to and record his phone calls.

Now Lieu wants the House Committee on Oversight and Government Reform to investigate the vulnerability. In a letter sent Monday to the committee chairman and shared with CNET, Lieu said that "the applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S. government officials."

The exploit takes advantage of something called the Signaling System Seven, or SS7, a worldwide network that connects phone carriers so people can make calls and text. Nohl told "60 Minutes" that the flaw is an "open secret among the world's intelligence agencies -- including ours -- and they don't necessarily want that hole plugged."

The flaw itself and the failure to plug it point to the ongoing battle between personal privacy and national security. Individuals expect security to protect themselves and their data. Intelligence agencies have been accused of keeping certain vulnerabilities a secret so they can spy on the "bad guys."

Lieu told "60 Minutes" that the people who knew about this flaw should be fired.

"You cannot have 300-some million Americans -- and really, right, the global citizenry, be at risk of having their phone conversations intercepted with a known flaw simply because some intelligence agencies might get some data," Lieu said. "That is not acceptable."

The flaw can't be patched on a phone. Instead, each mobile network must secure itself. The Cellular Trade Industry Association (CTIA ) told "60 Minutes" that there have been reports of security breaches in other countries but asserted that US cell phone networks are secure.

Regardless, Lieu wants the problem investigated.

"I strongly believe that action by the House Oversight and Government Reform Committee is needed to examine the full scope and implications of the SS7 security flaw," Lieu said in his letter.

Close
Drag