60 Minutes’ Sharyn Alfonsi went to Berlin in search of the word’s best hackers, and she found Security Research Labs led by Karsten Nohl, who has a doctorate in computer engineering from the University of Virginia.
By day, the firm specializes in advising Fortune 500 companies on security, but in the wee hours of the night, the team hacks devices we use every day in order to warn consumers and companies of existing vulnerabilities before the bad guys find them.
Alfonsi challenged the team to break into an off-the-shelf iPhone from New York that was given to U.S. Rep. Ted Lieu, D-Calif., a member of the House Budget Committee and the House Committee on Oversight and Government Reform. Lieu agreed to the experiment knowing the phone would likely be hacked.
“First, it’s really creepy. And second, it makes me angry.”
Turns out that all the team needed was the phone number to the iPhone. They were easily able to hear and record phone calls, see Lieu’s contacts, and know his whereabouts. They were even able to get the phone number of every incoming and outgoing call to and from his “borrowed” iPhone.
Even though Lieu knew beforehand the phone would be hacked, the reality of it was more startling. When a recording of one particular conversation was played back to him, he said, “First, it’s really creepy. And second, it makes me angry.”
This was all possible from a security flaw in Signaling System 7 (SS7), a little-known global network that connects all the phone carriers around the world. It’s known as the heart of the phone system. The bad news here is that it affects every phone on a cellular network, whether it’s running iOS, Android, or even Windows. Even if a user turns off location services on their phone, hackers would still be able to see the phone’s location via the network.
Unfortunately, no single entity governs the SS7 networks around the world, so it’s up to each carrier to make its own network secure. Nohl did say that some networks are harder to crack than others, but they all appear to be hackable.
60 Minutes contacted the Cellular Trade Industry Association (CTIA) and the organization admitted of some security breaches overseas, but said all the U.S. networks are secure. Unfortunately Nohl and his team proved that to be untrue since Lieu’s phone was in the U.S. during the time of the experiment.
Now if this isn’t scary enough for you, consider that Alfonsi also visited Lookout Security co-founder John Hering. To prove that every phone is hackable, he put together a team in Las Vegas to hack Alfonsi’s own phone. The team created a ghost network that appeared to be a hotel Wi-Fi. Once Alfonsi connected to this ghost network (thinking it was a legit hotel network), the team was able to get her email address, her account ID, and all the credit cards associated with it. Hering also showed how he could spy on Alfonsi using the front facing camera on her phone.
The reaction
As disturbing as Hering’s attack is, this type of breach is more complicated in that the number of victims are limited to those that are on the fake network or who received a file with malicious code through a text message.
The SS7 flaw can be used to hack any phone at any time, as long as the phone number is known. However, Nohl said that most people would not be a target for this type of attack. Politicians and other high-profile people would be more likely to fall victim to the SS7 flaw.
The theory is that the SS7 flaw is well known within the government, but it’s a hole that security agencies might not want plugged since it provides access to everyone’s phone. Lieu said that anyone who knows about this flaw and didn’t actively try to remedy it should be fired. “We can’t have 300 some million Americans, and really the global citizenry, be at risk of having their phone conversations intercepted with a known flaw simply because some intelligence agencies might get some data,” he said. “That is not acceptable.”
In a letter dated April 18, 2016 to Honorable Jason Chaffetz, Chairman, and Honorable Elijia Cummings, Ranking Member, of the House Committee on Oversight and Government Reform, Lieu called for a full investigation.
“The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S government officials,” he said. “The vulnerability has serious ramifications not only for individual privacy, but also for American innovation, competitiveness, and national security.”
Click here to read the full contents of Mr. Lieu’s letter.
As distressing as this news is to all of us, we have to be thankful for 60 Minutes and Karsten Nohl for exposing this well-known insider secret. Could this be the next big battle on Capitol Hill? Stay tuned.
This article was originally published on 04-18-16
Updated on 04-19-16 by Robert Nazarian: Added in news that Mr Lieu is calling for a full investigation of the SS7 network flaw.
