Skip to main content

60 Minutes asked a security firm to hack an iPhone, and the result is disturbing

iPhone Passcode
With all the commotion surrounding Apple’s fight with the FBI, 60 Minutes did its own experiment to find out just how safe our phones are from hackers. Unfortunately even with Apple’s strong encryption standards, everyone’s privacy is still in serious jeopardy.

60 Minutes’ Sharyn Alfonsi went to Berlin in search of the word’s best hackers, and she found Security Research Labs led by Karsten Nohl, who has a doctorate in computer engineering from the University of Virginia.

By day, the firm specializes in advising Fortune 500 companies on security, but in the wee hours of the night, the team hacks devices we use every day in order to warn consumers and companies of existing vulnerabilities before the bad guys find them.

Alfonsi challenged the team to break into an off-the-shelf iPhone from New York that was given to U.S. Rep. Ted Lieu, D-Calif., a member of the House Budget Committee and the House Committee on Oversight and Government Reform. Lieu agreed to the experiment knowing the phone would likely be hacked.

“First, it’s really creepy. And second, it makes me angry.”

Turns out that all the team needed was the phone number to the iPhone. They were easily able to hear and record phone calls, see Lieu’s contacts, and know his whereabouts. They were even able to get the phone number of every incoming and outgoing call to and from his “borrowed” iPhone.

Even though Lieu knew beforehand the phone would be hacked, the reality of it was more startling. When a recording of one particular conversation was played back to him, he said, “First, it’s really creepy. And second, it makes me angry.”

This was all possible from a security flaw in Signaling System 7 (SS7), a little-known global network that connects all the phone carriers around the world. It’s known as the heart of the phone system. The bad news here is that it affects every phone on a cellular network, whether it’s running iOS, Android, or even Windows. Even if a user turns off location services on their phone, hackers would still be able to see the phone’s location via the network.

Unfortunately, no single entity governs the SS7 networks around the world, so it’s up to each carrier to make its own network secure. Nohl did say that some networks are harder to crack than others, but they all appear to be hackable.

60 Minutes contacted the Cellular Trade Industry Association (CTIA) and the organization admitted of some security breaches overseas, but said all the U.S. networks are secure. Unfortunately Nohl and his team proved that to be untrue since Lieu’s phone was in the U.S. during the time of the experiment.

Now if this isn’t scary enough for you, consider that Alfonsi also visited Lookout Security co-founder John Hering. To prove that every phone is hackable, he put together a team in Las Vegas to hack Alfonsi’s own phone. The team created a ghost network that appeared to be a hotel Wi-Fi. Once Alfonsi connected to this ghost network (thinking it was a legit hotel network), the team was able to get her email address, her account ID, and all the credit cards associated with it. Hering also showed how he could spy on Alfonsi using the front facing camera on her phone.

The reaction

As disturbing as Hering’s attack is, this type of breach is more complicated in that the number of victims are limited to those that are on the fake network or who received a file with malicious code through a text message.

The SS7 flaw can be used to hack any phone at any time, as long as the phone number is known. However, Nohl said that most people would not be a target for this type of attack. Politicians and other high-profile people would be more likely to fall victim to the SS7 flaw.

The theory is that the SS7 flaw is well known within the government, but it’s a hole that security agencies might not want plugged since it provides access to everyone’s phone. Lieu said that anyone who knows about this flaw and didn’t actively try to remedy it should be fired. “We can’t have 300 some million Americans, and really the global citizenry, be at risk of having their phone conversations intercepted with a known flaw simply because some intelligence agencies might get some data,” he said. “That is not acceptable.”

In a letter dated April 18, 2016 to Honorable Jason Chaffetz, Chairman, and Honorable Elijia Cummings, Ranking Member, of the House Committee on Oversight and Government Reform, Lieu called for a full investigation.

“The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S government officials,” he said. “The vulnerability has serious ramifications not only for individual privacy, but also for American innovation, competitiveness, and national security.”

Click here to read the full contents of Mr. Lieu’s letter.

As distressing as this news is to all of us, we have to be thankful for 60 Minutes and Karsten Nohl for exposing this well-known insider secret. Could this be the next big battle on Capitol Hill? Stay tuned.

This article was originally published on 04-18-16

Updated on 04-19-16 by Robert Nazarian: Added in news that Mr Lieu is calling for a full investigation of the SS7 network flaw.

Editors' Recommendations

Robert Nazarian
Former Digital Trends Contributor
Robert Nazarian became a technology enthusiast when his parents bought him a Radio Shack TRS-80 Color. Now his biggest…
Can my iPhone get iOS 17? Here’s every supported model
Someone holding an iPhone 14 Pro Max and iPhone 14 Pro next to each other.

The latest version of iOS, iOS 17, comes with a host of new features, including phone call customizations, Live Voicemail, updated iMessage features, and many more. While the update is compatible with many iPhone models, it is not supported by all.

Apple's iOS 17 was announced at the Worldwide Developers Conference (WWDC 2023) alongside iPadOS, macOS, and more updates. It's an exciting update, but is it one you can get on your iPhone?
Which iPhone models can download iOS 17?
Apple iPhone 8 Julian Chokkattu/Digital Trends

Read more
10 colors I wish Apple made for the iPhone 15 and iPhone 15 Pro
iPhone 15 Pro in a red color.

Apple finally revealed the iPhone 15 at its “Wonderlust” event on September 12. This lineup includes the iPhone 15, iPhone 15 Plus, iPhone 15 Pro, and iPhone 15 Pro Max. There were other products announced during the event as well, but the iPhone 15 series is the biggest of the bunch.

However, Apple’s really been dropping the ball lately in terms of device colors. This year is especially bad with the very pastel and muted colors of the iPhone 15 models, not to mention the various shades of gray for the iPhone 15 Pro variants.

Read more
The iPhone 15 Pro isn’t the iPhone upgrade I hoped it would be
Apple iPhone 15 Pro with titanium frame.

When Apple introduced the first “Pro” iPhone in 2019, it stood with an additional telephoto camera at the back. To this day, the third lens serves as a proud marker of the Pro moniker. The camera chops are what predominantly separated these pricey trims from the non-Pro variants.

As Apple’s fall launch event unfolded last week, I was hoping to see some big camera upgrades fitting for the new Pro models. Yet, the only meaningful camera upgrade we got was kept exclusive to the iPhone 15 Pro Max. Instead of the iPhone 14 Pro’s 3x zoom camera, the iPhone 15 Pro Max makes the jump to a 5x telephoto camera.

Read more