This week, Labor Senator San Dastyari was exposed, reprimanded and later, demoted for allegedly warning a Chinese political donor of possible hacking of his mobile phone[1]. Mr Dastyiari had disclosed to the donor that he suspected that intelligence agencies, including those of the United States, had bugged his phone[2].
Such allegations sound like a scenario in a Hollywood spy movie. Nevertheless, phone hacking has become a modern security problem that goes beyond international politics and intelligence. In 2011, the British newspaper tabloid, News of the World closed down after it was prosecuted for hacking and monitoring private phone calls of over 4000 individuals[3]. As a result, the UK’s Crown Prosecution charged eight people in News of the World’s senior management team for breach of the Regulation of Investigatory Powers Act 2000[4].
As it turns out, phone hacking is an incredibly easy thing to do. In 2016, security researchers discovered that you could hack a phone just by knowing your phone number. The hack involved exploiting the interchange service called SS7[5]. The SS7 acts as a ‘broker between mobile phone networks’, handling backend phone functions such as billing transactions, transferring messages and other duties that connect phones to one another[6]. Hackers can hack directly into this system and trace your activity by triangulating your activities using just your phone number.
It is unclear if the SS7 exploit has been completely fixed. Judging from Mr Dastyari’s recent comments, it may well be that intelligence agencies might still be utilising this system to ‘listen in’ on phone activity.
There are ways of finding out if your phone is being hacked. Below are some things to consider:
- Spy apps may have been secretly installed on your phone – these may cause your phone to behave erratically; drain your battery quickly; or use up more online data than normal[7].
- There are anti-spy apps available – these apps monitor and secure your phone. These apps scan your phone’s software to ensure there aren’t any unseen applications on your phone[8].
- ‘Jail breaking’ may make your phone vulnerable – spy apps can hide inside your phone if it has been jail broken or modified by anyone who wasn’t your authorised phone dealer[9].
- Phones can receive spam messages that can lead to phishing – emails, suspicious texts asking you to input your bank details or look at a funny video should be treated as suspicious attempts to hack your phone.
Phone hacking isn’t new, it isn’t even that sophisticated. However, it does appear that we treat mobile phone security differently; as opposed to the way we secure our computers. We do not even have to be involved in global politics. As seen in the New of the World scandal, journalists are more than willing to hack into the public’s phone for a scoop and both businesses and individuals should be aware of the ways hackers can easily gain access to mobiles to ensure they are fully protected.
For assistance in securing your organisations phones, both mobile and landline, please do not hesitate to contact Agilient.
The Agilient Team
[1] https://www.news.com.au/national/politics/julie-bishop-has-called-for-senator-sam-dastyari-to-step-down-from-parliament/news-story/79ef0e4af52b5cf16b0b5a0aac88b958
[2] https://www.smh.com.au/federal-politics/political-news/labor-senator-sam-dastyari-warned-wealthy-chinese-donor-huang-xiangmo-his-phone-was-bugged-20171127-gzu14c.html
[3] https://www.bbc.com/news/uk-11195407
[4] https://www.legislation.gov.uk/ukpga/2000/23/section/1
[5] https://www.computerworld.com/article/3058020/security/hackers-only-need-your-phone-number-to-eavesdrop-on-calls-read-texts-track-you.html
[6] https://www.computerworld.com/article/3058020/security/hackers-only-need-your-phone-number-to-eavesdrop-on-calls-read-texts-track-you.html
[7] https://www.phone.instantcheckmate.com/dialed-in/phone-bugged/
[8] https://spyzrus.net/how-to-tell-if-your-cell-phone-is-being-tracked-tapped-monitored-by-spy-software/
[9] https://www.techlicious.com/tip/how-to-tell-if-your-phone-has-been-hacked/