Apple takes security and privacy seriously, which gives us peace of mind when we buy a device like the iPhone. But they’re not immune to hacking and snooping. To prove this, German hacker Karsten Nohl demonstrated his ability to snoop on phone calls and text messages during an episode of the CBS show 60 Minutes.
According to Nohl, the iPhone is no more secure than an Android device. “All phones are the same,” he told 60 Minutes’ Sharyn Alfonsi, and with the right technology, you can track a person’s whereabouts, listen to their calls, read their text messages, and more.
All Nohl needs to do this is the target’s phone number. To put his claims to the test, CBS took a standard, “off-the-shelf” iPhone and gave it to Representative Ted Lieu, a congressman from California. They then gave the phone number to Nohl.
“As soon as I called Congressman Lieu on his phone, Nohl and his team were listening and recording both ends of our conversation,” Alfonsi reports. “They were able to do it by exploiting a security flaw they discovered in Signaling System Seven— or SS7.”
SS7 is said to be a little-known but vital global network that connects phone carriers. Every single person with a cellphone uses SS7 to call or text each other, and billions of calls and texts travel through it every day. It is also the network that allows phones to roam abroad.
Nohl didn’t just use SS7 to intercept phone calls and text messages; he also used it to track Congressman Lieu’s trip to Washington and back home. What’s more, Nohl can even use this method when location services are disabled on the target device.
The good news is, Nohl isn’t a bad hacker. He works for a security research firm that advises Fortune 500 companies on security during the day, and looks for vulnerabilities in the devices we use everyday — smartphones, SIM cards, USB sticks, and more — during the night.
Nohl and his firm were legally granted access to SS7 by international carriers. “In exchange, the carriers wanted Nohl to test the network’s vulnerability to attack,” explains 60 Minutes. The reason for this is bad hackers have proven they can gain access to SS7 illegally.
Due to the size of SS7 and the number of carriers that use it, securing it has become incredibly difficult, and some carriers are easier to access than others. The cellular phone trade association claims that although there have been breaches abroad, U.S. cellphone networks are secure.
However, the iPhone used by Congressman Lieu was connected to a U.S. carrier.
“Karsten Nohl’s team automatically logged the number of every phone that called Congressman Lieu,” reports Alfonsi, “which means there’s a lot more damage that could be done than just intercepting that one phone call.”
Once Nohl has the cellphone numbers of Lieu’s associates, he can hack them, too. Nohl says that political leaders and business executives are targeted most by SS7 hacks, obviously because their communications could be of high value.
But anyone who uses a cellphone is at risk here, and no matter how good the software on your smartphone might be, it can’t make SS7 any more secure. The good news is, SS7 isn’t the most common method a hacker will use to access your phone.
John Hering, founder of Lookout, shows CBS another more common method that steals data from devices connected to a malicious Wi-Fi network.
This is called spoofing; users believe they are connecting to a safe network — perhaps in a hotel or coffee shop — but all the data that passes through it is intercepted, including the apps being used, account IDs, and even credit card information.
“We live in a world where we cannot trust the technology that we use,” Hering said. Fortunately, we can protect ourselves from attacks like this one by connecting only to trusted networks, and being careful about what we do while using public networks.
[60 Minutes]