60 Minutes Finds Giant Network Vulnerabilities, Hacks Congressman’s iPhone
As a result of the on-going encryption battle between Apple and the FBI, 60 Minutes decided to dedicate a segment on their television show to an experiment on the security of the iPhone. The show found that no matter how high Apple’s encryption standards are, everyone’s privacy is still in serious jeopardy.
Sharyn Alfonsi, staff member of 60 Minutes, collaborated with Security Research Labs led by Karsten Nohl. The firm specializes in advising Fortune 500 companies on security, but they also work as a team to find vulnerabilities in the devices we use every day in order to warn consumers and companies.
Alfonsi challenged the team to break into an off-the-shelf iPhone from New York that was given to U.S. Rep. Ted Lieu, D-Calif., a member of the House Oversight and Reform Subcommittee on Information Technology. Lieu agreed to the experiment knowing that the phone would most likely be hacked.
All the team needed was the number attributed to the phone. They were easily able to tap into phone calls and hear and record them as well as receive the phone number of person he was talking to. They were able to extract Lieu’s contacts and know his whereabouts.
The team was able to tap into the phone by taking advantage of a security flaw in Signaling System 7 (SS7), a little-known global network that connects all phone carriers around the world. SS7 is also know as the heart of the phone system. This system literally connects all of the phones across the entire world to each other; it doesn’t matter if you are using an iOS, Android or Windows device. Even if the user turns off the location settings on their phones, hackers are still able to see a location by using the phone’s location via the network.
To take this disturbing tale even further, Alfonsi met with Lookout Security co-founder John Hering. Hering put together a team and tried to hack Alfonsi’s phone. The team created a “ghost network” that appeared to be hotel Wi-Fi and once Alfonsi connected to the wireless internet, the team was able to get her email address, her account ID and all the credit cards associated with it. Hering also showed how he could spy on Alfonsi using the front facing camera.
Hering explained that as crazy as this hack is, it is also a lot more complex and the number of victims are dramatically lower than those who are affected by the kind of hacking that plagued Lieu.
The news has already created waves on social media, showing that many people are paying attention to the 60 Minutes’ experiment. Many news sources such as Time and CNN are writing articles to help users “avoid the scary 60 Minutes hack.”
Could SS7 be the new device-privacy debate on Capitol Hill? Now that 60 Minutes has exposed one of the most little-known secrets of hackers around the world, how will tech companies, government and even the device users themselves react?
What are your thoughts? Do these network vulnerabilities show that our device is never as secure as we think it is or is this just the beginning of an overhaul in the way that our privacy is protected?
Posted by Sydny Shepard on Apr 19, 2016