60 Minutes asked a security firm to hack an iPhone, and the result is disturbing

With all the commotion surrounding Apple’s fight with the FBI, 60 Minutes did its own experiment to find out just how safe our phones are from hackers. Unfortunately, even with Apple’s strong encryption standards, everyone’s privacy is still in serious jeopardy.

60 Minutes’ Sharyn Alfonsi went to Berlin in search of the world’s best hackers, and she found Security Research Labs led by Karsten Nohl, who has a doctorate in computer engineering from the University of Virginia.

By day, the firm specializes in advising Fortune 500 companies on security, but in the wee hours of the night, the team hacks devices we use every day in order to warn consumers and companies of existing vulnerabilities before the bad guys find them.

Alfonsi challenged the team to break into an off-the-shelf iPhone from New York that was given to U.S. Rep. Ted Lieu, D-Calif., a member of the House Budget Committee and the House Committee on Oversight and Government Reform. Lieu agreed to the experiment knowing the phone would likely be hacked.

It turns out that all the team needed was the iPhone’s phone number. They were easily able to hear and record phone calls, see Lieu’s contacts, and know his whereabouts. They were even able to get the phone number of every incoming and outgoing call to and from his “borrowed” iPhone.

Even though Lieu knew beforehand the phone would be hacked, the reality of it was more startling. When a recording of one particular conversation was played back to him, he said, “First, it’s really creepy. And second, it makes me angry.”

This was all possible because of a security flaw in Signaling System 7 (SS7), a little-known global network that connects all the phone carriers around the world. It’s known as the heart of the phone system. The bad news here is that the flaw lies in the carrier network rather than in the handset, so it affects every phone on a cellular network, whether it’s running iOS, Android, or even Windows. Even if a user turns off location services on their phone, hackers would still be able to see the phone’s location via the network.

Unfortunately, no single entity governs the SS7 networks around the world, so it’s up to each carrier to make its own network secure. Nohl did say that some networks are harder to crack than others, but they all appear to be hackable.

60 Minutes contacted the Cellular Trade Industry Association (CTIA), and the organization admitted to some security breaches overseas, but said all the U.S. networks are secure. Unfortunately, Nohl and his team proved that to be untrue, since Lieu’s phone was in the U.S. during the time of the experiment.

Now if this isn’t scary enough for you, consider that Alfonsi also visited Lookout Security co-founder John Hering. To prove that every phone is hackable, he put together a team in Las Vegas to hack Alfonsi’s own phone. The team created a ghost network that appeared to be a hotel Wi-Fi. Once Alfonsi connected to this ghost network (thinking it was a legit hotel network), the team was able to get her email address, her account ID, and all the credit cards associated with it. Hering also showed how he could spy on Alfonsi using the front facing camera on her phone.

The reaction

As disturbing as Hering’s attack is, this type of breach is more complicated, in that the number of victims is limited to those who are on the fake network or who received a file with malicious code through a text message.

The SS7 flaw can be used to hack any phone at any time, as long as the phone number is known. However, Nohl said that most people would not be a target for this type of attack. Politicians and other high-profile people would be more likely to fall victim to the SS7 flaw.

The theory is that the SS7 flaw is well known within the government, but it’s a hole that security agencies might not want plugged since it provides access to everyone’s phone. Lieu said that anyone who knows about this flaw and didn’t actively try to remedy it should be fired. “We can’t have 300 some million Americans, and really the global citizenry, be at risk of having their phone conversations intercepted with a known flaw simply because some intelligence agencies might get some data,” he said. “That is not acceptable.”

In a letter dated April 18, 2016, to the Honorable Jason Chaffetz, Chairman, and the Honorable Elijah Cummings, Ranking Member, of the House Committee on Oversight and Government Reform, Lieu called for a full investigation.

“The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S. government officials,” he said. “The vulnerability has serious ramifications not only for individual privacy, but also for American innovation, competitiveness, and national security.”

As distressing as this news is to all of us, we have to be thankful for 60 Minutes and Karsten Nohl for exposing this well-known insider secret. Could this be the next big battle on Capitol Hill? Stay tuned.

This article was originally published on 04-18-16

Updated on 04-19-16 by Robert Nazarian: Added in news that Mr Lieu is calling for a full investigation of the SS7 network flaw.
