60 Minutes: Hackers use Congressman’s iPhone to demo ability to listen into calls, monitor texts, track location

“Apple may take iOS security so seriously that it’s willing to do battle with the FBI over it, but German hackers have demonstrated that all phones – even iPhones – are susceptible to a mobile network vulnerability that requires nothing more than knowing your phone number,” Ben Lovejoy reports for 9to5Mac. “Armed with just that, hackers can listen to your calls, read your texts and track your position.”

60 Minutes invited the hackers to prove their claims by giving a brand new iPhone to Congressman Ted Lieu – who agreed to participate in the test – and telling the hackers nothing more than the phone number. The hackers later replayed recordings they’d made of calls made on that iPhone,” Lovejoy reports. “Karsten Nohl, a German hacker, with a doctorate in computer engineering from the University of Virginia, carried out the demonstration from a hacking conference in Berlin. In addition to recording calls and texts, he also demonstrated that he was able to track the Congressman’s location, even with the iPhone’s GPS turned off, using cellphone tower triangulation. Additionally, he was able to log the phone number of everyone who called the phone. None of this required any ability to access the iPhone itself, only the mobile networks.”

Lovejoy reports, “Nohl said that the SS7 vulnerability was well-known in some quarters, and that there was a reason it hasn’t yet been fixed. ‘The ability to intercept cellphone calls through the SS7 network is an open secret among the world’s intelligence agencies — -including ours — and they don’t necessarily want that hole plugged.'”

Read more in the full article here.

MacDailyNews Take: Not an iPhone or iOs vulnerability, specifically, but a mobile network vulnerability.

24 Comments

    1. Spies and criminals pretty much accept violation of laws as part of their job description. The point of the piece was to show how easy it is to do. After the US espionage against the German government I’m pretty sure German-based hackers get to play the FU card when it comes to actions against US citizens.

    2. Technically, no. There was no law broken. In this case, all parties concerned agreed to the recording of the test calls. That satisfies all state government regulations regarding recording of conversations. There is no violation of federal law of which I am aware as this test was among consenting private parties without government involvement.

      If, however, this was performed by the government or law enforcement without the consent of those involved, AND it was communication strictly within the USA, AND there was no warrant, then it would be a violation of the Fourth Amendment to the US Constitution.

      What’s sick is that we now know federal and law enforcement surveillance without warrants, or with lame ass FISC rubberstamp warrants, have been common in the USA for years. I’d very much enjoy some prosecutions, General Clapper.

  1. I watched the entire piece. And at no time did they specify that the iPhone in possession of the congressman was running iOS 8 or later. ALL of their demonstrations used android phones that were clearly running version 5.0 or earlier since they used the text message bug to activate the camera in the device.

    The ss7 problem is not ideal however using iMessage avoids this problem, as it is end to end encrypted. With phone calls you could use FaceTime audio which is also end to end encrypted… I found the report lacking and not at all in depth or honest.

    1. The confusing part of the piece is that, first, it goes on to expose this SS7 network issue, but then, they conflate that problem with a rather unrelated claim of inherent security vulenrability of all mobile phones, which they then demonstrate by sending a malicious attachment via text (to an Android phone, mind you), which allowed the hacker to turn on the camera and have the phone stream video to him with the screen of the phone completely turned off (and no indication that anything is working on it). Mixing these two problems together in the same story was quite confusing; first, they said that all the worlds phones are vulnerable because this is a network problem and hackers can listen in on conversations, texts, and check geo-location of those phones, then suddenly we are hearing about this other specific security issue, where you inadvertently install malware you got via text, and hackers can stream video from your phone’s camera. But that story gets no explanation: which phone OS? What type of malware? How do you protect yourself against it? Can you?

      Ordinary viewer essentially came away totally confused, with a scary message that her phone is easily hackable and there is nothing (s)he can do.

      1. You’re exactly correct. It was a misleading report and my grandmother, who was over to my house for Sunday dinner, asked me if her phone was safe. I said yes (since she has an iPhone 6 with the latest iOS). But she was completely frightened by the report.

        The conflation of the ss7 problem with the other issues (which don’t effect iOS at all or android 6.0 or later) was troubling to say the least. Either 60 minutes is incompetent or deliberately lying for to advance some kind of agenda. I wasn’t happy at all.

        1. “Either 60 minutes is incompetent or deliberately lying…”

          Given 60 Minutes history over a couple of decades, one would not be out of line in replacing “either/or” with “and”.

          1. I’d give kudos to 60 Minutes for airing the story. It’s an important issue that needs more exposure.

            The problems with it were lack of depth, precision and clarity. The basic problem with TV news shows. You had to be very aware of the various cell phones that were being used and the exact pieces of software being hacked.

            My solution: iPhones, Touch ID, FaceTime Audio calls, Messages. None of those were shown to be vulnerable in the piece. If they had been clear about Apples capabilities, it would have looked like an Apple ad.

            1. I agree to an extent with that, but they needed to be clear about what devices are effected by these things. It was the lack of depth and conflation of issues that bothered me. If Apple devices aren’t effected? They should say so.

      2. I thought all those same things.

        I wondered how many people (like my 74 year old Mom) watched that and came away convinced that hackers are able to turn on camera on their iPhone camera from the cell network without them knowing it. 2 distinct issues, muddled together haphazardly into one jumbled “report”.

      3. “Ordinary viewer essentially came away totally confused, with a scary message that her phone is easily hackable and there is nothing (s)he can do.”

        Which was probably the intent (if, in fact, there was any) all along. It could just be incompetence.

        This reminded me of a news segment done many years ago a vehicle (Chevy 4×4, if I recall) with fuel tanks that exploded in accidents. They had to rig the tanks to blow up because they couldn’t get them to explode in a staged accident.

        Wasn’t that 60 minutes, also? I think some news director ended up getting canned over it.

    1. There were several hacks mixed up in the story:

      (1) The SS7 hole, which probably would have worked on a landline, much less another non-Apple phone.

      (2) Spoofing a public WiFi network, which (again) will work on any connected device, be it mobile, laptop, or even desktop.

      (3) Use of phishing to get an Android user to download a malicious text message with code attached that can capture the phone’s operating system. This won’t work on iOS.

      So, three hacks that are either not specific to Apple or not applicable to Apple equipment. Even so, as I was watching the story I could see all the anti-iPhone press coming and the resultant drop in stock price. Behold!

      Sure enough.

  2. I’d like to see how they were intercepting readable texts if both the Congressman and Nohl were using iMessage on iPhones. If the Hacker was using a non iPhone device, then the iMessage end-to-end encryption is certainly broken and text can be read.

    The strong encryption of iMessage will suffice for text message of multi-factor security if, and only if, the groups at each end of the text are within the iMessage system (or some other system that supports end-to-end encryption). So there really is a way for this to be secure at this time, but beware if organizations are not doing it properly.

    Voice is typically not encrypted unless you’re using a specialized app (on both ends) for that or a designated secure device on both ends.

    1. Apparently, both FaceTime (audio AND video), and iMessage are end-to-end encrypted by default. So, if you’re talking to someone with an iPhone, forget about phone calls, just use FT and nobody can snoop.

    1. I did notice that. And if the “hacker” community trusts apple security, then that should be mentioned in the report.

      There is a reason that every year there is a significant prize for “hacking” safari/OS X in that large black hat competition. It’s extremely hard to do. Don’t you think that if iOS devices were easy to hack that there would be mass reports that Apple devices weren’t secure? Of course there would be, given the bias and willingness Togo after Apple for every small thing.

      The truth is that macs and by extension iOS devices have been the most secure platform for over 30 years. And by far more secure the last decade and a half.

  3. If you will be communicating with people who made the sad choice of buying an Android phone, you can use Signal (was aka Redphone for Android) – it has both text and voice, and is end-to-end encrypted. It is multi-platform so it works between iPhones and Android phones.
    Here’s a chart by the EFF of the security of various messaging platforms, including iMessage:
    https://www.eff.org/secure-messaging-scorecard

  4. I respect Leslie Stahl as a person, but frankly, she has had some half-assed reports for 60 minutes. Remember the one where she went to the Arctic Circle with some oil company execs, and they extolled the virtues of drilling for oil up there, and “with new drilling techniques, the chances of an environmental disaster are limited” . . . of course a few years later, BP brought us the Deepwater Horizon, and those trusted oil executives were nowhere to be found . . . and don’t get me started with that 60 minutes hack job on the NSA and Edward Snowden.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.