This article was published on April 18, 2016

’60 Minutes’ asked a security firm to hack an iPhone and we’re all basically screwed


’60 Minutes’ asked a security firm to hack an iPhone and we’re all basically screwed

Apple’s battle with the FBI may have whipped the tech world into a frenzy of establishment-hating wannabe anarchists, but it’s this ’60 minutes’ segment that should really piss you off.

Wanting to find out just how safe our phones are from hackers, the 60 minutes team sought professionals from Security Research Labs to break into Congressman Ted Lieu’s iPhone. Lieu, a member of the House Oversight and Reform Subcommittee on Information Technology (an acronym that’s dangerously close to spelling h-o-r-s-e-s-h-i-t) agreed to be the team’s guinea pig.

While security professionals are abuzz with theories — ranging from deep freezing the flash memory to creating its own operating system — on how the FBI accessed the San Bernardino shooter’s iPhone, it turns out all Security Research Labs needed to access secure data was Congressman Lieu’s phone number.

It’s not apples-to-apples; the researchers weren’t accessing encrypted files or attempting to gain access to the physical device, but what they were able to accomplish with just a phone number is still incredible.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

iPhoneSETNW

With those digits alone, the team was able to hear and record Lieu’s phone calls, track his movement, view his contacts and create a log of all incoming and outgoing calls.

For the Apple haters out there, hold on to your hats… the hack perpetrated on Lieu will work on any phone, using any carrier, running any operating system, and it’s all thanks to a security flaw in a piece of technology you’ve probably never heard of.

Signaling System 7 (SS7) is a global network that connects all phone carriers around the world into a singular hub, of sorts. The hack exploits a known security flaw in SS7, but one that’s proven relatively difficult to fix due to the way SS7 is governed, or not governed, in this case.

Currently, SS7 is used by all the world’s cellular carrier’s, but it’s not governed by any of them, or any single government entity either. Instead, it’s a sort of global collaboration with a ton of red tape and no real solution on how to close the security holes that plague the world’s cell phone users.

It should put you at ease that the world’s best hackers probably aren’t all that interested in your $300 bank account balance and your impressive collection of reaction GIFs, but it’s a scary time to be a smartphone user, nonetheless.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with