Once again, it's been shown that your phone is a great tracking device, with potentially devastating effects.

This time around, 60 Minutes teamed up with security experts including the formidable Karsten Nohl, a household name in telco security, and looked at how the Signalling System No. 7 (SS7) network for mobile and fixed telecommunications can be used to spy on people.

The reporters were able to work out where United States congressman Ted Lieu was, and intercept and record his calls.

They did it from Berlin while Lieu was in California, and the only piece of information required was the congressman's phone number.

Advertisement

Lieu was livid and demanded heads on spikes, but pointing out how insecure phone networks are is the security industry equivalent of shooting fish in a barrel.

There are stories regularly about how easy it is not just to track phone users, but also how insecure the telco networks are.

The real story here of course isn't so much that phone networks have more holes than Swiss cheese, but that the situation is allowed to continue.

Vulnerabilities in SS7 have been known and talked about for three decades now, with little or no progress being made in sorting them out. It's possible that the system would receive a security overhaul if criminals and despots began abusing the vulnerabilities on a large scale so that people's lives were endangered simply by carrying a mobile phone.

Since scores of important and ordinary people haven't been dispatched while making calls, and phone operator networks with their layers of old tech are difficult and expensive to upgrade, it's a safe bet we'll have to put up with the flaws for longer. Also, they are useful for law enforcement and intelligence agencies wanting to find people with the help of their phones, anywhere in the world. Three years ago, details of security and surveillance technology vendor Verint's Skylock system were published.

Skylock is seen as a cost-effective and unobtrusive surveillance solution, and it's not hard to imagine that intelligence agencies would be loath to lose such a tool. Besides, Skylock can send fake SMS text messages too, which is always handy for tricky snoops.

Since each mobile phone carries a unique identifier (the international mobile equipment identifier - IMEI - and international mobile subscription identifier - IMSI) that are needed for the phone network to find them and route calls to devices, it's easy to quietly map out where someone goes, and when, through SS7. The biggest irony with the permanently insecure SS7 network which first saw light in the mid-70s becomes clear when you think about all the "cyber rattling" over the past few years, with governments and intelligence agencies talking big about building defences for the internet with security task forces and more.

You'd think that fixing the SS7 network first would be a priority, given that the security flaws in it provide not just access to almost everyone's personal communications, but in effect, paints a bull's eye on their back by tracking their locations, but it looks like we'll have to live (or die) with those flaws.