CBS correspondent Sharyn Alfonsi, left, with hacker Karsten Nohl

Update: Rep. Ted Lieu has now written to the Chairman of the House Committee on Oversight and Government Reform requesting a formal investigation into the vulnerability. In his letter, the Congressman says that the flaw threatens ‘personal privacy, economic competitiveness and U.S. national security.’ The full text of his letter can be found at the bottom of the piece.

Apple may take iOS security so seriously that it’s willing to do battle with the FBI over it, but German hackers have demonstrated that all phones – even iPhones – are susceptible to a mobile network vulnerability that requires nothing more than knowing your phone number. Armed with just that, hackers can listen to your calls, read your texts and track your position.

60 Minutes invited the hackers to prove their claims by giving a brand new iPhone to Congressman Ted Lieu – who agreed to participate in the test – and telling the hackers nothing more than the phone number. The hackers later replayed recordings they’d made of calls made on that iPhone …

They were able to do it by exploiting a security flaw they discovered in Signaling System Seven or SS7 […] The SS7 network is the heart of the worldwide mobile phone system. Phone companies use SS7 to exchange billing information. Billions of calls and text messages travel through its arteries daily. It is also the network that allows phones to roam.

Karsten Nohl, a German hacker, with a doctorate in computer engineering from the University of Virginia, carried out the demonstration from a hacking conference in Berlin. In addition to recording calls and texts, he also demonstrated that he was able to track the Congressman’s location, even with the iPhone’s GPS turned off, using cellphone tower triangulation. Additionally, he was able to log the phone number of everyone who called the phone. None of this required any ability to access the iPhone itself, only the mobile networks.

Rep. Ted Lieu said that he was shocked by what the hackers had been able to achieve.

Last year, the president of the United States called me on my cellphone. And we discussed some issues. So if the hackers were listening in, they would know that phone conversation [and the President’s mobile number]. And that’s immensely troubling.

Nohl said that the SS7 vulnerability was well-known in some quarters, and that there was a reason it hadn’t yet been fixed.

The ability to intercept cellphone calls through the SS7 network is an open secret among the world’s intelligence agencies — including ours — and they don’t necessarily want that hole plugged.

Lieu said that this was totally unacceptable.

The people who knew about this flaw and saying that should be fired. You cannot have 300-some million Americans – and really, right, the global citizenry – be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data. That is not acceptable.

While the court battle between Apple and the FBI is over, they will again face off in Congress tomorrow. Apple general counsel Bruce Sewell and FBI executive assistant director Amy Hess will testify on separate panels before a House Energy and Commerce subcommittee. Separately, two members of the Senate Intelligence Committee have proposed a bill to force tech companies to decrypt devices for law enforcement, though one Senator has vowed to block the legislation with a filibuster.



About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!
