Thursday, September 15, 2016

Your Phone Can Be Easily Hacked

Many people argue over which phone is best: Iphone or Android. According to a report repeated on the September 4th episode of 60 Minutes, that argument is moot when it comes to hacking, as both types are just as vulnerable.

Since some of the world’s best hackers are in Germany, Sharyn Alfonsi, a 60 Minutes correspondent, went to Berlin to interview Dr. Karsten Nohl, the head of Security Research Labs. During the day, the lab advises Fortune 500 companies on computer security. At night, the team looks for vulnerabilities in the devices we use every day—smart phones USB sticks, and SIM cards—so they can warn the public about the risks. Right now, they are concentrating on mobile phone networks.

With just a phone number, Nohl claimed he could get into Alfonsi’s phone and retrieve all her transactions (including credit card numbers), track her location, see where she went, which people she met and when, see who she calls and what they say, and read her texts.

To test this claim, 60 Minutes sent an off-the-shelf iPhone to Representative Ted Lieu of California along with the telephone number registered to it. Lieu agreed to use the phone knowing it would be hacked. Alfonsi called from Berlin and Nohl hacked in.

How did he do it? By exploiting a security flaw in the Signaling System Seven (SS7), the global network that connects phone carriers, though he admitted that some were easier to hack than others. He recorded the congressman’s calls and tracked his movements in Washington and back in California. Lieu admitted that this was "immensely troubling."

John Hering, who cofounded the mobile security company, Lookout, when he was 23, has developed a free app that scans mobile phones for malware and alerts users when the phones are attacked. According to Hering, there are only two types of companies and people: those who have been hacked and realize it and those who have been hacked and don’t.

He claims that most phone hacks are not via SS7 but via spoofing, explaining that people install malicious applications and willingly give up their passwords every day.

60 Minutes contacted the cellular phone trade association, which claimed that SS7 attacks could not happen on a U.S. network but are only a problem on foreign ones. The hacking of Lieu’s 60 Minutes phone, however, proved exactly the opposite.

The problem is that the world’s intelligence agencies don’t want this flaw fixed. Leiu stated that the people who know about it and aren't doing anything to rectify it should be fired. Adds Hering, "We live in a world where we cannot trust the technology that we use."

To read the full transcript of this story, please go to