End Of Privacy As We Know It

The end of privacy as we know it: 60 Minutes uncovers huge mobile phone security vulnerabilities

IT’S the dirty little secret that’s facilitating what’s being called the biggest breach of privacy ever.

Government, security agencies and the telecommunications industry will be forced to explain a security hole that allows hackers to listen in to conversations and hijack Australians’ mobile phones after it’s exposed by a 60 Minutes investigation, the program claims.

In an investigation into mobile security spanning three continents, reporter Ross Coulthart believes he has uncovered a security vulnerability that could affect any of us, and there’s nothing being done to stop it.

“What it means is that your smartphone is an open book,” he told news.com.au

“Criminals now have access to these huge security holes to steal your data and listen in to your calls. We know telephone companies know about it, we know security agencies know about it, but nothing is being done.”

German hacker Luca Melette demonstrated the tracking and bugging vulnerability in the SS7

German hacker Luca Melette demonstrated the tracking and bugging vulnerability in the SS7 signalling network to 60 Minutes. Source: Channel 9

By tapping in to SS7, a signalling system in use by more than 800 telecommunication companies across the world including major Australian providers, hackers are able to listen in to conversations, steal information stored on mobile phones, and track the location of the phone’s user.

The system, Coulthart says, has long been in use by spies and has been a secret of perpetrators of international espionage. It’s believed to be the very tactic used by Australian spies in tracking the phone calls of the wife of the Indonesian president, Coulthart says. But recently, organised crime, commercial spies and potential terrorists have been exploiting this security loophole for their gain, 60 Minutesclaims to have uncovered.

“The allegation in our story is the reason this security vulnerability has not been fixed is because it suits the spooks,” Coulthart said.

“Until very recently corporate criminals didn’t know about it, but now it’s very clearly being misused by corporate and organised crime.”

With the help of a German hacker, who also works as a consultant to security agencies, and using Independent Senator Nick Xenophon as a guinea pig the program shows how easy it is for a politician’s mobile phone, or anyone’s for that matter, to be intercepted and listened in on.

“We were able to then track that phone on a map,” Coulthart said.

“You can imagine what that means for a company executive going to a secret meeting or a prime minister travelling around the world.

“But it’s not just those sorts of people who are vulnerable, basically it means your smartphone is an open book and you can no longer assume that it’s just the intelligence services or police that might be listening to your phone.”

‘The most breathtaking breach of privacy’

Senator Nick Xenophon, at Parliament House in Canberra, speaks to Ross Coulthart in Berlin while Luca Melette listens to the call using the SS7 hack. Source: Channel 9

Using a cryptophone, which allows the detection of the use of devices known as IMSI-catchers (International Mobile Subscriber Identity) that facilitate mobile eavesdropping, Coulthart said he was alerted to at least 10 devices trying to hack into his calls while in Sydney.

“I detected multiple intercepts, including right outside the Australian Stock Exchange,” he said.

“It’s pretty surreal to be standing outside the stock trading centre, and to be hacked. I hope it was law enforcement, but knowing how criminals use these devices there was a question mark in my mind.”