'Ghost Telephonist' lets hackers take over your phone number
[]
Share
Copied
The UnicornTeam researchers from 360 Technology, China's leading security company, demonstrated an "evil attack" at the hacker summit in Las Vegas, Nevada. The attack, "Ghost Telephonist", can let hackers get the content of a user's call and SMS.
In the team's presentation last week at the on-going hacker summit Black Hat USA 2017 and DEF CON security researchers introduced one type of vulnerability in CSFB (Circuit Switched Fallback) in 4G LTE network. In the CSFB procedure, researchers found the authentication step is missing.
Demo attack video screenshot /Unicorn Photo
Demo attack video screenshot /Unicorn Photo
"Several exploitations can be made based on this vulnerability," Unicorn Team wireless security researcher Huang Lin, told reporters. "We have reported this vulnerability to the Global System for Mobile Communications Alliance (GSMA)."
The security research team presented a scenario where one could reset a Google account password using a stolen mobile number.
How to hijack a random target /Unicorn Photo
How to hijack a random target /Unicorn Photo
After hijacking a user's communication, researchers signed into the user's Google Email and clicked "forget the password." Since Google sends verification code to the victim's mobile, attackers can intercept the SMS text, thereby resetting the account's password. The victim remains online in the 4G network and is not aware of the attack.
A lot of Internet application accounts use verification SMS to reset the login password, which means attackers can use a cellphone number to start password reset procedures then hijack the verification SMS.
Black Hat USA 2017 /Black Hat Photo
Black Hat USA 2017 /Black Hat Photo
According to researchers, the attacker can also initiate a call/SMS by impersonating the victim. Furthermore, Telephonist Attack can obtain the victim's mobile phone number and then use the phone number to make advanced attack.
The victim will not sense being attacked since no 4G or 2G fake base station is used and no cell re-selection. These attacks can randomly choose victims or target a given victim.
Black Hat USA 2017 /Black Hat Photo
Black Hat USA 2017 /Black Hat Photo
The research team proposed many countermeasures to operators and Internet service providers as well. Researchers say they are now collaborating with operators and terminal manufactures to fix this vulnerability.