Many people argue over which phone is best:
iPhone or Android. According to a report repeated on the September 4th episode
of 60 Minutes, that argument is moot when it comes to hacking, as both
types are just as vulnerable.
Since some of the world’s best hackers are in Germany, Sharyn Alfonsi, a 60
Minutes correspondent, went to Berlin to interview Dr. Karsten Nohl, the
head of Security Research Labs. During the day, the lab advises Fortune 500
companies on computer security. At night, the team looks for vulnerabilities in
the devices we use every day—smartphones, USB sticks, and SIM cards—so they can
warn the public about the risks. Right now, they are concentrating on mobile
phone networks.
With just a phone number, Nohl claimed he could get into Alfonsi’s phone and
retrieve all her transactions (including credit card numbers), track her
location, see where she went, which people she met and when, see who she calls
and what they say, and read her texts.
To test this claim, 60 Minutes sent an off-the-shelf iPhone to
Representative Ted Lieu of California along with the telephone number
registered to it. Lieu agreed to use the phone knowing it would be hacked.
Alfonsi called from Berlin and Nohl hacked in.
How did he do it? By exploiting a security flaw in the Signaling System Seven
(SS7), the global network that connects phone carriers, though he admitted that
some were easier to hack than others. He recorded the congressman’s calls and
tracked his movements in Washington and back in California. Lieu admitted that
this was "immensely troubling."
John Hering, who cofounded the mobile security company Lookout when he was
23, has developed a free app that scans mobile phones for malware and alerts
users when the phones are attacked. According to Hering, there are only two
types of companies and people: those who have been hacked and realize it and
those who have been hacked and don’t.
He claims that most phone hacks are not via SS7 but via spoofing, explaining
that people install malicious applications and willingly give up their
passwords every day.
60 Minutes contacted the cellular phone trade association, which claimed
that SS7 attacks could not happen on a U.S. network and are a problem only on
foreign ones. The hacking of Lieu’s 60 Minutes phone, however, proved
exactly the opposite.
The problem is that the world’s intelligence agencies don’t want this flaw
fixed. Lieu stated that the people who know about it and aren't doing anything
to rectify it should be fired. Adds Hering, "We live in a world where we
cannot trust the technology that we use."
To read the full transcript of this story, please go to http://www.cbsnews.com/news/60-minutes-hacking-your-phone/