Hackers used US House of Representatives Ted Lieu's ten-digit cellphone number (which was publicly known) in order to intercept his calls, as a part of a stunt for TV program '60 Minutes' — to which Lieu had given his permission to carry out the experiment.
During the broadcast, the fully-intelligible audio of the intercepted call, in which Lieu discussed NSA's mass surveillance program, was played.
"It's really creepy. And it makes me angry. They could hear any call. Pretty much anyone has a cell phone. It could be stock trades you want someone to execute. It could be a call with a bank," Lieu said.
The caper was carried out by German security expert Karsten Nohl, and it had no real consequences. Still, the same vulnerability that allowed Nohl to eavesdrop on Lieu's calls could be easily exploited by less well-intentioned people.
The hack was performed by breaching the Signalling System Number 7 — or SS7 — a telephone signaling language currently used on a global scale by over 800 companies.
SS7 is key to allow different phone companies to communicate and exchange data: put it bluntly, it is the piece of technology that makes possible to send texts from one continent to another. As it is designed, though, it also allows whoever controls it to track individual users' data and geographic position.
To make things worse is the fact that once somebody has managed to get access to it, they can spy on the customers of every and each telco company that is part of the network.
In other words, it just takes a hacker or a malicious employee in one of the 800-plus firms scattered throughout the globe to threaten the privacy of billions of mobile phone users everywhere.
Solutions could come soon however, under the guise of a new network technology called Diameter, although it is unclear whether it will be able to solve SS7's flaws.
What is known is that the NSA and many other security agencies were well aware of this vulnerability, and may have willingly decided not to blow the whistle.
"The people who knew about this flaw should be fired," Lieu said.
"You cannot have 300 and some million Americans, and really the global citizenry, be at risk of having their phone conversations intercepted with a known flaw simply because some intelligence agencies might get some data. That is not acceptable."
