It seems impossible, but it’s easy to listen conversations between smartphones
The safety of users is now the main task of any respecting company, but that can hardly be achieved. As much as you try to apply measures, they are often circumvented.
A reporter from CBS News channel managed, with the help of a team of hackers, to prove that it is very simple to listen to conversations between two smartphones, something that should leave all of us concerned.
The report that the journalist from CBS News channel made to program 60 minutes revealed a vulnerability that affects communications between phones and provides access to all conversations and messages that are exchanged between them. The vulnerability is not new and is located in the Signaling System Seven (SS7) network, which serves to support the exchange of traffic between the global telecom operators. This vulnerability was detected about 2 years ago, but it was only known that it allows to access the locations of users.
What has been proven now is much more serious and showed that the vulnerability let to record conversations between any devices and even copy the exchanged messages. With this information the doors are open, which so far were considered to be safe, as the 2 steps authentication mechanisms.
It was enough to send a smartphone for an American congressman and give hackers team the phone number. Within few minutes, calls to that number were listened and recorded. The phone that was used in this experiment was an iPhone, but the group ensures that this problem can be replicated on any phone.
To exploit the failure, it must be given an access to one of SS7 gateways, something that can be done by any government agency or group who can pay for it. It is a difficult access, but not impossible. SS7 failure is well known among hackers and other security elements, but remains to be unfixed, even though, there is no reason to keep it. The presented problem is very serious, just imagine that communications between world leaders can be listened by third parties.