Congressman’s iPhone hacked easily on 60 Minutes show — The demo reveals hackers can spy and monitor everything on your mobile whatever security measures you take
After all the fuss about how the FBI was able to get a pass into an iPhone recently, 60 Minutes decided to do their own research. Unfortunately according to the results that were found, regardless of the strong encryption system that Apple puts on our devices, most users are still at risk.
The firm responsible for the hack results, Security Research Labs led by Karsten Nohl, is based in Berlin, Germany. The security firm’s day job involves advising most of the Fortune 500 companies on issues involving security, and by night they act as white hat hackers trying to find flaws to exploit in the tech industry and so they can report them to users and the responsible companies.
60 Minutes’ Sharyn Alfonsi, apparently challenged the hackers to break into an off-the-shelf iPhone that had been given to US Democrat Representative Ted Lieu, California. He is a member of the House Oversight and Reform SubCommittee on Information Technology. The Representative agreed to the experiment with full knowledge that the phone could be hacked.
[q]Hackers accepted the challenge and hacked congressman’s phone like a boss[/q]
In the hack, all the team needed was the Representative’s phone number. After that it became easy for the hackers to see his contacts, see his whereabouts and listen in on his conversations. They were also able to record phone calls and on top of that, could see the numbers of all incoming and outgoing calls received.
Even though Lieu knew that his phone was going to be hacked, the degree to which the hackers did it seemed to be startling to him. When one recording of his calls was played back to him he said, “First it’s really creepy. And second it makes me angry.”
The flaw is as a result of so-called Signaling System 7, which are a series of protocols which were discovered in 1970 connecting phone carriers around the world. The flaw affects everyone as long as they have the cellular network. Even when one user turns off their location services on the phone, hackers can still see the network via the network services.
The bad news is that there is no single body which can be looked to for security for the SS7, because network providers are responsible for their own security, though some networks are safer than others, none is indifferent to the attacks.
The SS7 attack can be done as long as one knows a phone number, according to Nohl. She also noted that the attack was most probably going to be towards high profile people with attackers targeting sensitive information to make wealth out of.
There has been a theory going on that the government knew about the flaw, but because of the advantages it represents for them they decided not to plug in the flaw. Lieu, however, said that if for any reason someone knew about the flaw and did not say anything, they deserve to be fired.
“We can’t have 300 some million Americans, and really the global citizenry, be at risk of having their phone conversations intercepted with a known flaw simply because some intelligence agencies might get some data,” he said. “That is not acceptable.”
Ways of avoiding the flaw
Some researchers and analysts have come out with ideas to be SS7 flaw free. The best option is to use all the modern apps that are available on the iOS and Google Play App Stores which make use of the end-to-end encryption. Such apps as WhatsApp and Telegram offer the features. Another popular example is Signal which most journalists prefer and was even given a thumbs up Edward Snowden.
The best knowledge to have however that, all systems are vulnerable. Anything can be hacked. The best way to not have any of your data hacked at all is not to send the sensitive information through that system.
This just comes in and offers another perspective on how the tech world and the government are going to continually fight for the safety of users data.