Congressman's iPhone hacked to show dangerous vulnerability

April 18, 2016

You’d like to think that your iOS device is safe from snooping, right? Especially since Apple refused to write “govtOS” to open up a backdoor into the iPhone. Unfortunately, a German hacker has demonstrated to “60 Minutes” a vulnerability that no smartphone is safe from, and he used a United States congressman’s iPhone to do it.

Karsten Nohl, a German hacker, has a doctorate in computer engineering from the University of Virginia. His security research lab advises Fortune 500 companies on computer security, and spends its nights looking for flaws in our smartphones, USB sticks, and SIM cards: the devices we use every day.

Nohl insisted to “60 Minutes” that all phones had the same vulnerability that would allow his team to track whom people call and what they say, as well as reading their text messages and track their location. To test the vulnerability, “60 Minutes” sent an off-the-shelf iPhone to Rep. Ted Lieu, who has a computer science degree and is a member of the House committee that overseas information technology. “60 Minutes” gave Nohl nothing more than the phone number associated with the iPhone.

By exploiting a security flaw in a global cellular network called Signaling System Seven (SS7), Nohl’s team was able to track all of the congressman’s phone calls, texts, and even his location. SS7 is used to connect phone carriers, and it’s essential for anybody with any cell phone to call or text each other. The worst thing is that no matter what apps you install or don’t install, whether you have location services turned on or off, the tracking continues to work.

The mobile network independent from the little GPS chip in your phone, knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That of course, is not controlled by any one customer.

- Karsten Nohl

Here’s the real bad news: United States cellular carriers are apparently lying about the vulnerability. When “60 Minutes” asked the cellular trade association about the attacks on the SS7 network, the association said “there have been reports of security breaches abroad, but assured us that all U.S. cellphone networks were secure.” Rep. Lieu was on a U.S. network using the loaner iPhone when he was part of the hacking demonstration.

According to Nohl, the SS7 vulnerability is “an open secret” among the world’s intelligence agencies, including those of the U.S., and those agencies don’t really want the vulnerability fixed. What if those agencies are actively discouraging the cellular providers from patching the exploit so they can maintain their ability to tap into our phones?

It’s a scary thought, and one that has Rep. Lieu pretty fired up. In fact, he believes that any intelligence agency officials who know about the flaw and claim they want it left open “should be fired.” I definitely agree, because the right to privacy for law-abiding citizens should take precedence over the nosiness of bored intelligence analysts.