Skip to main content
  1. Home
  2. Mobile
  3. News

60 Minutes asked a security firm to hack an iPhone, and the result is disturbing

Robert Nazarian
By

iPhone Passcode
ymgerman/123rf
With all the commotion surrounding Apple’s fight with the FBI, 60 Minutes did its own experiment to find out just how safe our phones are from hackers. Unfortunately even with Apple’s strong encryption standards, everyone’s privacy is still in serious jeopardy.

60 Minutes’ Sharyn Alfonsi went to Berlin in search of the word’s best hackers, and she found Security Research Labs led by Karsten Nohl, who has a doctorate in computer engineering from the University of Virginia.

Recommended Videos

By day, the firm specializes in advising Fortune 500 companies on security, but in the wee hours of the night, the team hacks devices we use every day in order to warn consumers and companies of existing vulnerabilities before the bad guys find them.

Related

Alfonsi challenged the team to break into an off-the-shelf iPhone from New York that was given to U.S. Rep. Ted Lieu, D-Calif., a member of the House Budget Committee and the House Committee on Oversight and Government Reform. Lieu agreed to the experiment knowing the phone would likely be hacked.

“First, it’s really creepy. And second, it makes me angry.”

Turns out that all the team needed was the phone number to the iPhone. They were easily able to hear and record phone calls, see Lieu’s contacts, and know his whereabouts. They were even able to get the phone number of every incoming and outgoing call to and from his “borrowed” iPhone.

Even though Lieu knew beforehand the phone would be hacked, the reality of it was more startling. When a recording of one particular conversation was played back to him, he said, “First, it’s really creepy. And second, it makes me angry.”

This was all possible from a security flaw in Signaling System 7 (SS7), a little-known global network that connects all the phone carriers around the world. It’s known as the heart of the phone system. The bad news here is that it affects every phone on a cellular network, whether it’s running iOS, Android, or even Windows. Even if a user turns off location services on their phone, hackers would still be able to see the phone’s location via the network.

Unfortunately, no single entity governs the SS7 networks around the world, so it’s up to each carrier to make its own network secure. Nohl did say that some networks are harder to crack than others, but they all appear to be hackable.

60 Minutes contacted the Cellular Trade Industry Association (CTIA) and the organization admitted of some security breaches overseas, but said all the U.S. networks are secure. Unfortunately Nohl and his team proved that to be untrue since Lieu’s phone was in the U.S. during the time of the experiment.

Now if this isn’t scary enough for you, consider that Alfonsi also visited Lookout Security co-founder John Hering. To prove that every phone is hackable, he put together a team in Las Vegas to hack Alfonsi’s own phone. The team created a ghost network that appeared to be a hotel Wi-Fi. Once Alfonsi connected to this ghost network (thinking it was a legit hotel network), the team was able to get her email address, her account ID, and all the credit cards associated with it. Hering also showed how he could spy on Alfonsi using the front facing camera on her phone.

The reaction

As disturbing as Hering’s attack is, this type of breach is more complicated in that the number of victims are limited to those that are on the fake network or who received a file with malicious code through a text message.

The SS7 flaw can be used to hack any phone at any time, as long as the phone number is known. However, Nohl said that most people would not be a target for this type of attack. Politicians and other high-profile people would be more likely to fall victim to the SS7 flaw.

The theory is that the SS7 flaw is well known within the government, but it’s a hole that security agencies might not want plugged since it provides access to everyone’s phone. Lieu said that anyone who knows about this flaw and didn’t actively try to remedy it should be fired. “We can’t have 300 some million Americans, and really the global citizenry, be at risk of having their phone conversations intercepted with a known flaw simply because some intelligence agencies might get some data,” he said. “That is not acceptable.”

In a letter dated April 18, 2016 to Honorable Jason Chaffetz, Chairman, and Honorable Elijia Cummings, Ranking Member, of the House Committee on Oversight and Government Reform, Lieu called for a full investigation.

“The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S government officials,” he said. “The vulnerability has serious ramifications not only for individual privacy, but also for American innovation, competitiveness, and national security.”

Click here to read the full contents of Mr. Lieu’s letter.

As distressing as this news is to all of us, we have to be thankful for 60 Minutes and Karsten Nohl for exposing this well-known insider secret. Could this be the next big battle on Capitol Hill? Stay tuned.

This article was originally published on 04-18-16

Updated on 04-19-16 by Robert Nazarian: Added in news that Mr Lieu is calling for a full investigation of the SS7 network flaw.

Editors' Recommendations

Topics
Robert Nazarian
Robert Nazarian
Former Digital Trends Contributor
Robert Nazarian became a technology enthusiast when his parents bought him a Radio Shack TRS-80 Color. Now his biggest…
Here’s how Apple could change your iPhone forever
An iPhone 15 Pro Max laying on its back, showing its home screen.

Over the past few months, Apple has released a steady stream of research papers detailing its work with generative AI. So far, Apple has been tight-lipped about what exactly is cooking in its research labs, while rumors circulate that Apple is in talks with Google to license its Gemini AI for iPhones.

But there have been a couple of teasers of what we can expect. In February, an Apple research paper detailed an open-source model called MLLM-Guided Image Editing (MGIE) that is capable of media editing using natural language instructions from users. Now, another research paper on Ferret UI has sent the AI community into a frenzy.

Read more
There’s a big problem with the iPhone’s Photos app
The Apple iPhone 15 Plus's gallery app.

While my primary device these days continues to be my iPhone 15 Pro, I’ve dabbled with plenty of Android phones since I’ve been here at Digital Trends. One of my favorite brands of phone has been the Google Pixel because of its strong suite of photo-editing tools and good camera hardware.

Google first added the Magic Eraser capability with the Pixel 6 and Pixel 6 Pro, which is a tool I love using. Then, with the Pixel 8 series, Google added the Magic Editor, which uses generative AI to make edits that wouldn’t be possible otherwise. There are also tools like Photo Unblur, which is great for old photographs and enhancing images that were captured with low-quality sensors.

Read more
Why you should buy the iPhone 15 Pro Max instead of the iPhone 15 Pro
Someone holding an iPhone 15 Pro Max outside on a patio, showing the back of the Natural Titanium color.

If you want the best iPhone money can buy in 2024, you have two options: the iPhone 15 Pro and the iPhone 15 Pro Max. They have the same chipset, similar display technology, nearly identical cameras, etc. It's a really close battle, save for the fact that the iPhone 15 Pro is $200 cheaper.

It might be tempting to save some cash and choose the iPhone 15 Pro, but I recommend you splurge for the larger (and more expensive) iPhone 15 Pro Max. Why? Let me explain.
It's a big iPhone you won't hate using

Read more