Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
United States Cellphones China Government Security

Millions of U.S. Cellphones Could Be Vulnerable to Chinese Government Surveillance (washingtonpost.com) 73

Millions of U.S. cellphone users could be vulnerable to Chinese government surveillance, warns a Washington Post columnist, "on the networks of at least three major U.S. carriers."

They cite six current or former senior U.S. officials, all of whom were briefed about the attack by the U.S. intelligence community. The Chinese hackers, who the United States believes are linked to Beijing's Ministry of State Security, have burrowed inside the private wiretapping and surveillance system that American telecom companies built for the exclusive use of U.S. federal law enforcement agencies — and the U.S. government believes they likely continue to have access to the system.... The U.S. government and the telecom companies that are dealing with the breach have said very little publicly about it since it was first detected in August, leaving the public to rely on details trickling out through leaks...

The so-called lawful-access system breached by the Salt Typhoon hackers was established by telecom carriers after the terrorist attacks of Sept. 11, 2001, to allow federal law enforcement officials to execute legal warrants for records of Americans' phone activity or to wiretap them in real time, depending on the warrant. Many of these cases are authorized under the Foreign Intelligence Surveillance Act (FISA), which is used to investigate foreign spying that involves contact with U.S. citizens. The system is also used for legal wiretaps related to domestic crimes.

It is unknown whether hackers were able to access records about classified wiretapping operations, which could compromise federal criminal investigations and U.S. intelligence operations around the world, multiple officials told me. But they confirmed the previous reporting that hackers were able to both listen in on phone calls and monitor text messages. "Right now, China has the ability to listen to any phone call in the United States, whether you are the president or a regular Joe, it makes no difference," one of the hack victims briefed by the FBI told me. "This has compromised the entire telecommunications infrastructure of this country."

The Wall Street Journal first reported on Oct. 5 that China-based hackers had penetrated the networks of U.S. telecom providers and might have penetrated the system that telecom companies operate to allow lawful access to wiretapping capabilities by federal agencies... [After releasing a short statement], the FBI notified 40 victims of Salt Typhoon, according to multiple officials. The FBI informed one person who had been compromised that the initial group of identified targets included six affiliated with the Trump campaign, this person said, and that the hackers had been monitoring them as recently as last week... "They had live audio from the president, from JD, from Jared," the person told me. "There were no device compromises, these were all real-time interceptions...." [T]he duration of the surveillance is believed to date back to last year.

Several officials told the columnist that the cyberattack also targetted senior U.S. government officials and top business leaders — and that even more compromised targets are being discovered. At this point, "Multiple officials briefed by the investigators told me the U.S. government does not know how many people were targeted, how many were actively surveilled, how long the Chinese hackers have been in the system, or how to get them out."

But the article does include this quote from U.S. Senate Intelligence Committee chairman Mark Warner. "It is much more serious and much worse than even what you all presume at this point."

One U.S. representative suggested Americans rely more on encrypted apps. The U.S. is already investigating — but while researching the article, the columnist writes, "The National Security Council declined to comment, and the FBI did not respond to a request for comment..." They end with this recommendation.

"If millions of Americans are vulnerable to Chinese surveillance, they have a right to know now."
This discussion has been archived. No new comments can be posted.

Millions of U.S. Cellphones Could Be Vulnerable to Chinese Government Surveillance

Comments Filter:
  • I mean Google and Apple are already doing surveillance there. The place is already taken.

    • by dbialac ( 320955 )
      Apple? Not really. In states that are required give you all of your information that they have, if you ask Apple, the information that they have is practically nothing. Google is another story, unless you have everything turned off. It's a huge document. Turning everything off is at least an afternoon project and they're constantly adding new things that you have to dig into to try to turn off. In a nutshell, don't use Google and block anything that can be used to track you, like login popups on 3rd party s
    • by gweihir ( 88907 )

      The solution is really simple: The Chinese just hack and steal the data-sets. Why go to all the trouble surveilling users directly?

  • 1) Anyone who works in a sensitive government position (or adjacent to one where your movements could reveal something) and is stupid enough to carry around an insecure phone.

    2) Anyone who works in an industry within which the Chinese government might like to engage in some industrial espionage.

    3) Chinese expats worried about Xi wanting to exert control over them and threaten family members back in China.

    4) Pretty much nobody else.

    I don't want Xi snooping in my phone, but it's incredibly unlikely to have an

    • by AleRunner ( 4556245 ) on Sunday November 03, 2024 @03:42PM (#64916823)

      1) Anyone who works in a sensitive government position (or adjacent to one where your movements could reveal something) and is stupid enough to carry around an insecure phone.

      This is specifically about phone independent monitoring. If you make a phone call from a "secured" phone to an actual normal number.

      2) Anyone who works in an industry within which the Chinese government might like to engage in some industrial espionage.

      Or anyone who works in an industry like banking where the Chinese might profit from insider knowledge. Or anyone who works in support of an industry China wants to take over.

      3) Chinese expats worried about Xi wanting to exert control over them and threaten family members back in China.

      Or anyone who's doing things like this Slashdot story that are uncomfortable for the Chinese government. Or anyone who might travel to China and have mistakenly visited an anti-China web page or be useful for China to kidnap and hold hostage.

      4) Pretty much nobody else.

      Except for people like Americans where China has been explicitly flying Nuclear Bombers near to their country recently.

      I don't want Xi snooping in my phone, but it's incredibly unlikely to have any significant effect on my life. In fact, whatever resources they devote to monitoring me, however meagre, are a wasted effort for them.

      They will have an AI system monitoring you. If you are honestly as boring as you say they might just be using your location to improve their ICBM targeting, but they will still do that. They might also use the data to get you fired so that one of their agents can take your job to have something to pay for their life when the want a sleeper agent in the US.

      It's very likely that the truth is that you personally won't have bad things happen to you, however the Chinese government has become pretty hostile. This should not just be discounted because these things will happen to someone.

      • by djinn6 ( 1868030 )

        Except for people like Americans where China has been explicitly flying Nuclear Bombers near to their country recently.

        they might just be using your location to improve their ICBM targeting.

        They might also use the data to get you fired so that one of their agents can take your job to have something to pay for their life when the want a sleeper agent in the US.

        I think you're wearing your tin foil hat a bit too tightly. Their nuclear bombers aren't even stealthy, so they'll be shot down in no time assuming they even get airborne. As for their ICBMs, those are all nuclear tipped and aimed at large cities (they use the minimum deterrence strategy). If they can't figure out where those are, then there's nothing for us to worry about. And firing you when there's 100 applicants for every opening? That's a 1% chance for their agent to get the job. Just wiring them some

  • Problem is that the entire phone ecosystem in the US is about deliberately leaking stuff, be it telemetry, or all that juicy data from the microphone, cameras, GPS, and all the data stored on the device. This is how Android continues to exist, because without the data coming in, Google couldn't really exist.

    Of course, those same mechanisms to feed the ad companies are easily hijacked to redirect the data to China, or whatever hostile power wants them. Private industry won't do jack shit because they proba

  • by PPH ( 736903 ) on Sunday November 03, 2024 @03:02PM (#64916713)

    This is why you don't build back doors into your stuff. Even if they are only meant for the "good guys".

    • Good guys don't need backdoors. Only people up to no good do.

      • by gweihir ( 88907 )

        The "good guys" use front doors! So you do not even get to complain when they rape you...

        For context, some deeply immoral asshole German politicos complained their deeply desired surveillance mechanisms were called "backdoors" by all experts and claimed that government surveillance would, of course, use "front doors".

    • by Chelloveck ( 14643 ) on Sunday November 03, 2024 @04:00PM (#64916867)
      Who could have predicted it? It's almost like the thing that every cryptography professional told them from the outset would happen, happened!
      • by AgTiger ( 458268 )

        I wish I had moderator points today in order to give you a +1 to this.

      • by sconeu ( 64226 )

        Came here for this comment. Thank you.

      • Who could have predicted it? It's almost like the thing that every cryptography professional told them from the outset would happen, happened!

        Yep. I was there in the standards meeting when the feds turned up and gave a talk about the mandatory LA features we had to add. We all pointed out how this was stupid and would be exploited by everyone and anyone to spy on everyone and anyone including those feds demanding we add LA.

        And here we are 20 years later.

  • by MpVpRb ( 1423381 ) on Sunday November 03, 2024 @03:09PM (#64916735)

    ...insecure. Those are the only options.
    It's impossible to allow the good guys to get in while keeping the bad guys out.
    If there is a secret back door, the bad guys will find it.
    It's not even possible to make sure the good guys are always good.

    • Do you have updates turned off on your phone?

    • by Anonymous Coward

      A system can be secure or......insecure.

      I think you meant a system can be insecure or believed to be reasonably secure.

  • Anyone who wants to waste their time reading the piles of spam I get very day is welcome to. If you worried about surveillance, don't use your phone for anything critical.
  • Got contacted by my local government. A polite letter telling me that they want to spy... research how I use my smartphone. They pay me 7€ a month. But they were to lazy to use a back door. I had to install an app. Nice.
  • cover story (Score:1, Insightful)

    by goshes ( 1335249 )
    I'm not buying any of this. If there's a backdoor built into telecoms for wiretapping, then why not change the password, or the port the wiretap is done? It seems more likely a spy has been leaking information to China, so they came up with this cover story. If they know that the chinese have been listening to calls as of a week ago, then why cant they block them? Makes no sense.
    • Yea, all good questions which I notice you were suspiciously modded down for. Of course, I had known someone had been monitoring my cellphone communications for years already, and now I'm wondering if these are the same people, or if it has been someone else who has also had this level of access all along. I wonder if there's anyone left in the world who doesn't have this level of access at this point. It seems like security is a joke to these companies.

  • Techdirt (https://www.techdirt.com) has covered this for decades.

    When you CREATE AN OPEN DOOR then bad actos WILL gain access and WILL use it.

    Today that may be a nation state hell bent on figuring out how much interest my bank account collected.
    Tomorrow it may be those spammer scammers who will TRANSFER ALL MY MONEY elsewhere.

    What will the US government do? Blame other people. Even though they DEMANDED the breaking of
    encryption and creation of the access, and the banks and other instituions acceded to the

  • Backdoor wide open (Score:5, Insightful)

    by markdavis ( 642305 ) on Sunday November 03, 2024 @03:40PM (#64916819)

    >"The Chinese hackers,[] have burrowed inside the private wiretapping and surveillance system that American telecom companies built for the exclusive use of U.S. federal law enforcement agencies"

    Please remember this if you are tempted to support "back doors" in encryption, for ANY reason. Security by obscurity doesn't work, and keeping something like that "secret" is not only nearly impossible in the long-term, it presents a weakness that can eventually be cracked, even if it remains secret.

  • by rapjr ( 732628 ) on Sunday November 03, 2024 @03:46PM (#64916835)
    Spies don't spy on people for fun, they spy to get an advantage. So with complete access to US telecom networks they would use that information to compromise the military, the politicians, the corporations, and the rich by blackmailing them. This would explain a lot about US politics and corporate behavior. Possibly system logs could indicate who has been compromised, but maybe not, it's not unusual for cyber attackers to erase or modify logging systems. Even if the VIP's are not personally compromised, their relatives/friends/associates are. So everyone in power in the US is now suspect. The US was the first to compromise the rest of the world in this way, Snowden revealed it, and every country in the world realized the gloves were off and many started doing the same thing. The US said they only did it for national security purposes, trust them, but then it was revealed they spied to get an advantage in trade agreements. So much for the international rule of law. So even if the US can tell who has been spied on, they do not yet know which individuals were blackmailed and what they revealed and who else has been compromised as a result. How many "friends" did Epstein have listed in his notebook? Given how long it took to discover this attack, what other countries have have also found access to this backdoor and haven't even been discovered yet? It is common for spies to intercept data collected by other spies, so any country could have this data now, malware does not follow best cybersecurity practices. The cybersecurity research community warned the US that a backdoor could be exploited by enemies, and the government ignored them. Now everything is compromised because of the magical thinking that the US is smarter than everyone else.

    That's my opinion, I'd like to hear some debate. Is there anything that might limit the fallout from this attack? I guess one thing is individual values, some people may not have done anything they can be blackmailed for (although they also have relatives/friends/associates).

    • Funny the way you have been modded off topic when you are directly asking about the results of this. Maybe the Slashdot mods are being blackmailed \j.

      You've got a point, but typically data like this would be too valuable to risk by directly using for blackmail. I'd imagine this would be used more for target selection and similar. You then use something like parallel construction to get the blackmail data.

  • "on the networks of at least three major U.S. carriers."

    So, all of them? If you have a cell phone in the US it's pretty much on one of three networks: TMO, VZW, and ATT. There is US Cellular but they don't have much of a footprint.

    • Per the FCC:
      The Communications Assistance for law Enforcement Act (CALEA) is a statute enacted by Congress in 1994 to require that telecommunications carriers and manufacturers of telecommunications equipment design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities to comply with legal requests for information.

      https://www.fcc.gov/calea

      Per Wikipedia:
      In the years since CALEA was passed it has been greatly expanded to include all VoIP and broadband In

  • "Millions of U.S. Cellphones Are Vulnerable to Chinese Government Surveillance " (And the rest of the planet, of course). That's better.
  • The bad guys are exploiting the secret back door for the good guys? Which one is which again? Defend Encryption
  • Or use your phone to talk about it. Or have your phone in the room when you do (except battery removed).

    There, really not that hard and not even a new thing.

  • Accuracy please (Score:5, Insightful)

    by skogs ( 628589 ) on Sunday November 03, 2024 @04:43PM (#64916935) Journal

    The phones themselves are fine. Or at least as fine as they were previously.

    The issue here is the network they connect to. Professionals need to fix the jacked up network. Normal users that don't understand how electricity even works do NOT need to go buy new phones.

  • what more is there needed to be said? Oh wait we need more government mandated backdoors in everything - why? because of the children of course.
  • by Anonymous Coward
    the private wiretapping and surveillance system that American telecom companies built for the exclusive use of U.S. federal law enforcement agencies

    Apr 2023: A Step by Step Guide to SS7 Attacks [firstpoint-mg.com]

    Feb 2022: Whistleblower claims NSO offered 'bags of cash' for access to US phone networks [theregister.com]

    2018: SS7 vulnerabilities and attack exposure Report [gsma.com]
  • So China is using the "secret" back doors built in to the U.S. phone network by the U.S. government? Who other than world+dog could have seen that coming? This is truly an own goal.

    But I don't hear any hint of the easy and effective solution: disable the back doors.

  • I forsee a bunch of RINC* AI bot posts along the lines of "nothing new / nothing to see here, move along".


    * Russian / Iranian /North Korean / Chinese.
  • tldr; If it is "worse than you all even presume" does that mean the vulnerability allows the attackers to dial up a deepfake service to initiate faked calls or even take over existing calls for a short period without one side being aware of it?

  • ...built with the best of intentions, will eventually be used by bad players. It doesn't even need to be hacked -- the keys are too valuable, and the temptation inevitably too high, to sell them off to the highest bidder.

  • Millions of U.S. Cellphones Should Be Vulnerable to American Government Surveillance, Dammit!

  • Upload as many penis and vagina pictures as you can.
  • Having worked at a telecommunications equipment manufacturer, specifically on the CALEA subsystem testing team, let me say that I'm just shocked that a system designed for lawful intercept would ever be used for nefarious purposes. Shocked, I tell you. Nobody could ever anticipate something like this happening.

    (for the emo-divergent, I should point out that the above statement is positively dripping with sarcasm.)

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (3) Ha, ha, I can't believe they're actually going to adopt this sucker.

Working...