Wanting to find out just how safe our phones are from hackers, the 60 minutes team sought professionals from Security Research Labs to break into Congressman Ted Lieu’s iPhone. Lieu, a member of the House Oversight and Reform Subcommittee on Information Technology (an acronym that’s dangerously close to spelling h-o-r-s-e-s-h-i-t) agreed to be the team’s guinea pig.
Win a trip to Amsterdam!
We've teamed up with Product Hunt to offer you the chance to win an all expense paid trip to TNW Conference 2017!
While security professionals are abuzz with theories — ranging from deep freezing the flash memory to creating its own operating system — on how the FBI accessed the San Bernardino shooter’s iPhone, it turns out all Security Research Labs needed to access secure data was Congressman Lieu’s phone number.
It’s not apples-to-apples; the researchers weren’t accessing encrypted files or attempting to gain access to the physical device, but what they were able to accomplish with just a phone number is still incredible.
With those digits alone, the team was able to hear and record Lieu’s phone calls, track his movement, view his contacts and create a log of all incoming and outgoing calls.
For the Apple haters out there, hold on to your hats… the hack perpetrated on Lieu will work on any phone, using any carrier, running any operating system, and it’s all thanks to a security flaw in a piece of technology you’ve probably never heard of.
Signaling System 7 (SS7) is a global network that connects all phone carriers around the world into a singular hub, of sorts. The hack exploits a known security flaw in SS7, but one that’s proven relatively difficult to fix due to the way SS7 is governed, or not governed, in this case.
Currently, SS7 is used by all the world’s cellular carrier’s, but it’s not governed by any of them, or any single government entity either. Instead, it’s a sort of global collaboration with a ton of red tape and no real solution on how to close the security holes that plague the world’s cell phone users.
It should put you at ease that the world’s best hackers probably aren’t all that interested in your $300 bank account balance and your impressive collection of reaction GIFs, but it’s a scary time to be a smartphone user, nonetheless.