The SS7 hack is a reality. There are sites all over the internet that offer tracking the location of any cell phone user by just the phone number. Other services allow calls to recorded or eavesdropped and text messages to be read outside of the device.

In the back end of the telephone network where all calls connect is a flaw that allows professional spies, hackers, law enforcement, nation-states, foreign and domestic competitors without morals to monitor the cell phone networks.  While the news organizations and google pages are filled with references to hackers, it is a wide range of actors that can listen to virtually any call, at any time. Most of these openly advertise that location or call information is available for suspected terrorists and jealous spouses.

Many people suspect that outsiders are listening to their cell phones. While most of these issues have been due to the use of social networking there are several threats that every cell phone brings to its owner.

Last year, 60 minutes aired a segment of an SS7 attack on US Congressman Ted Lieu’s phone number (with his permission).  Karsten Nohl of German Security Research Labs demonstrated intercepting of his iPhone, he recorded conversations and tracked the Congressman’s precise location in real-time just by using his cell phone number and access to an SS7 network.

There have been reported incidents of compromising two-factor authentication using text messages and breaking into banking accounts along with social media accounts.

If you are interested in reading more about the SS7 flaw here is a link to an article posted in 2016

https://fedotov.co/ss7-hack-tutorial-software-video/

Outside of hackers and foreign competitors attempting to monitor your activities, there are hundreds of application on the Google and iTunes stores both free and paid applications that turn on the microphone of the phone, for what is explained as, innocuous reasons. One popular reason propagated all over the internet is to monitor what is on your television.

I believe that cell phones represent threats to both intellectual property and personal security. It is popular for workers to bring the phones everywhere with them. And that is something that business and individuals need to address.

No one should talk about sensitive subjects around cell phones. Business should adopt a rule for meetings banning the devices when discussing touchy subjects, additionally, those that have network monitoring present should require that all employees turn off mobile access and only use the company provided Wi-Fi, to detect additional threats that cell phones could bring to the company network. For those without monitoring, create an additional network outside of the local area network for the cellphones so that there is no way for anyone to steal any data contained, on the Lan or the servers.

On the personal front, I believe that social media should not be on the same device as banking apps or be used on the internet on the same devices. An easy fix to obtain a separate computer or tablet to do banking on. Many of the bank apps are better than the web applications and will operate on Android or IOS tablet devices. Create a separate email address for your bank from that device and it will cut down the phishing danger to your primary email address. For an added layer of protection subscribe to a virtual phone number.  Skype, Google, and countless others have numbers that can be associated to a separate email address, making it unlikely that anyone would find the number, making two-factor authentication slightly more secure.

When you are not doing banking, simply turn off the device.

I use social networks on a burner phone. I bought a cheap cell phone that only operates on Wi-Fi connections. Additionally, I have signal on the phone for making outgoing calls using a virtual number. Signal will encrypt your SMS messages once they are received on your primary phone once installed.

There is a side benefit to using signal, voice calls made between devices using the app are encrypted using the internet connection and do not cross the SS7 network.