60 Minutes asked a security firm to hack an iPhone, and the result is disturbing

With all the commotion surrounding Apple’s fight with the FBI, 60 Minutes did its own experiment to find out just how safe our phones are from hackers. Unfortunately, even with Apple’s strong encryption standards, everyone’s privacy is still in serious jeopardy.

60 Minutes’ Sharyn Alfonsi went to Berlin in search of the world’s best hackers, and she found Security Research Labs led by Karsten Nohl, who has a doctorate in computer engineering from the University of Virginia.

By day, the firm specializes in advising Fortune 500 companies on security, but in the wee hours of the night, the team hacks devices we use every day in order to warn consumers and companies of existing vulnerabilities before the bad guys find them.

Alfonsi challenged the team to break into an off-the-shelf iPhone from New York that was given to U.S. Rep. Ted Lieu, D-Calif., a member of the House Budget Committee and the House Committee on Oversight and Government Reform. Lieu agreed to the experiment knowing the phone would likely be hacked.

Turns out that all the team needed was the phone number to the iPhone. They were easily able to hear and record phone calls, see Lieu’s contacts, and know his whereabouts. They were even able to get the phone number of every incoming and outgoing call to and from his “borrowed” iPhone.

Even though Lieu knew beforehand the phone would be hacked, the reality of it was more startling. When a recording of one particular conversation was played back to him, he said, “First, it’s really creepy. And second, it makes me angry.”

This was all possible because of a security flaw in Signaling System 7 (SS7), a little-known global network that connects all the phone carriers around the world. It’s known as the heart of the phone system. The bad news here is that it affects every phone on a cellular network, whether it’s running iOS, Android, or even Windows. Even if a user turns off location services on their phone, hackers would still be able to see the phone’s location via the network.

Unfortunately, no single entity governs the SS7 networks around the world, so it’s up to each carrier to make its own network secure. Nohl did say that some networks are harder to crack than others, but they all appear to be hackable.

60 Minutes contacted the Cellular Trade Industry Association (CTIA) and the organization admitted to some security breaches overseas, but said all the U.S. networks are secure. Unfortunately, Nohl and his team proved that to be untrue since Lieu’s phone was in the U.S. during the time of the experiment.

Now if this isn’t scary enough for you, consider that Alfonsi also visited Lookout Security co-founder John Hering. To prove that every phone is hackable, he put together a team in Las Vegas to hack Alfonsi’s own phone. The team created a ghost network that appeared to be a hotel Wi-Fi. Once Alfonsi connected to this ghost network (thinking it was a legit hotel network), the team was able to get her email address, her account ID, and all the credit cards associated with it. Hering also showed how he could spy on Alfonsi using the front-facing camera on her phone.

The reaction

As disturbing as Hering’s attack is, this type of breach is more complicated in that the number of victims is limited to those who are on the fake network or who received a file with malicious code through a text message.

The SS7 flaw can be used to hack any phone at any time, as long as the phone number is known. However, Nohl said that most people would not be a target for this type of attack. Politicians and other high-profile people would be more likely to fall victim to the SS7 flaw.

The theory is that the SS7 flaw is well known within the government, but it’s a hole that security agencies might not want plugged since it provides access to everyone’s phone. Lieu said that anyone who knows about this flaw and didn’t actively try to remedy it should be fired. “We can’t have 300 some million Americans, and really the global citizenry, be at risk of having their phone conversations intercepted with a known flaw simply because some intelligence agencies might get some data,” he said. “That is not acceptable.”

In a letter dated April 18, 2016, to the Honorable Jason Chaffetz, Chairman, and the Honorable Elijah Cummings, Ranking Member, of the House Committee on Oversight and Government Reform, Lieu called for a full investigation.

“The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S. government officials,” he said. “The vulnerability has serious ramifications not only for individual privacy, but also for American innovation, competitiveness, and national security.”

As distressing as this news is to all of us, we have to be thankful for 60 Minutes and Karsten Nohl for exposing this well-known insider secret. Could this be the next big battle on Capitol Hill? Stay tuned.

This article was originally published on 04-18-16

Updated on 04-19-16 by Robert Nazarian: Added in news that Mr Lieu is calling for a full investigation of the SS7 network flaw.
