US congresscritter's iPhone hacked (with, er, the cell networks' help)

America's flagship news program 60 Minutes has demonstrated how to "hack" a US congressman's smartphone. One little thing to bear in mind about this incredible scoop: the vulnerability has been in circulation since 2014 ... and it requires high-level access to global phone networks. House representative Ted Lieu (D-CA) loaned …

  1. Ole Juul

    within the grasp of powerful crime gangs and government agents

    That's exactly the bunch that worries me most.

    1. Voland's right hand Silver badge

      Re: within the grasp of powerful crime gangs and government agents

      Powerful? Not really. I have installed SS7 feeds in Telehouse as a part of doing some "remote hands" moonshining for an Eastern European VOIP provider.

      You need a rack, a server or two, a front of some sorts and a PO. There are no proper background checks really so if you have 20k budget to take out a target, you can do that with ease. Alternatively, the same budget will buy you "anything you want" in one of the "fifth tier" island banana republic mobile telcos.

      20K is not a "powerful" gang budget by any means. Sure - it is not "free" and not "lonely hacker with fake Aspergers in mom's basement" type of hack, but it is not a "nation state" hack either.

      1. MiguelC Silver badge

        -1 for the disparaging comment...

        Was going to upvote, then read the last paragraph

        1. FIA Silver badge

          Re: -1 for the disparaging comment...

          Was going to upvote, then read the last paragraph

          Genuine question, what did you find disparaging?

          1. Anonymous Coward
            Anonymous Coward

            Re: -1 for the disparaging comment...

            >Genuine question, what did you find disparaging?

            I'd guess it was the "fake Asperger's" - hard to tell if that's a jibe @ McKinnon or a rather more insightful acknowledgement that it's now become the 'go to defence' used to defend every anti-social dick-head at the expense of the #actuallyautistic massive. I'm up-voting in the belief it's the latter.

            1. Anonymous Coward
              Anonymous Coward

              Re: -1 for the disparaging comment...

              Whilst I don't agree with ASD used as some kind of get out of jail card, the fact that it's being recognised in criminals is a good thing. Or maybe we should just lock them up and throw away the key? /sarcasm

              But it doesn't surprise me that there are noses put out by the fact that what used to be separate diagnoses are now lumped into a unified spectrum disorder, which includes so-called 'fake Aspergers' and '#actuallyautistic'.

              1. x 7

                Re: -1 for the disparaging comment...

                why should Asperger's syndrome - or any other syndrome - be regarded as a valid excuse? The sufferers (if that's the right word) don't lose their morals, their judgement of what's right or wrong. They KNOW what they are doing is wrong, but do it anyway. As a comparison, we don't let psychopathic murderers go unpunished because they have a mental illness. Asperger's syndrome or autism are not excuses and should never be treated as such.

      2. Eddy Ito

        Re: within the grasp of powerful crime gangs and government agents

        Isn't this basically what the FBI do with their mobile MitM Stingray kit?

        1. Anonymous Coward
          Anonymous Coward

          Re: within the grasp of powerful crime gangs and government agents

          > Isn't this basically what the FBI do with their mobile MitM Stingray kit?

          ...and your local police dept, most likely.

          https://www.aclu.org/map/stingray-tracking-devices-whos-got-them

    2. Anonymous Coward
      Anonymous Coward

      Re: within the grasp of powerful crime gangs and government agents

      "...powerful crime gangs and government agents"

      No need to repeat yourself.

  2. redpawn

    At least

    the neighbor kid can't listen in so you're safe enough. USA USA USA. Only the best for US.

    1. Version 1.0 Silver badge

      Re: At least

      The phone was connected via Wi-Fi so the neighborhood kid could easily listen in - there's quite a bit of neat kit on the market that allows anyone with some technical abilities to hijack your Wi-Fi connections. Easy decryption of the phone call is a separate issue but it's probably not impossible - actually, writing that I've just thought of a possible attack vector.

      1. Androgynous Cupboard Silver badge

        Re: At least

        > there's quite a bit of neat kit on the market that allows anyone with some technical abilities to hijack your Wi-Fi connections.

        Reference please, to something that will hijack WPA2-AES not WEP.

  3. raving angry loony

    within the grasp of powerful crime gangs and government agents

    There's a difference?

    1. Trevor_Pott Gold badge

      Re: within the grasp of powerful crime gangs and government agents

      Yes and no. If you're talking Russia, I doubt it. But the USA? Yeah, there's a difference.

      When you work for a crime gang or a pervasively corrupt government you tend to know you're not the good guy. Unfortunately governments exist where the higher ups are corrupt, but the day-to-day joes are largely decent people. This means that the majority of those working for these sorts of governments honestly think they're the good guys.

      There are a handful of governments (mostly Nordic) where corruption is actually a rather rare phenomenon, and thus it is legitimate for the minions to think they're probably working for the good guys, but there sure aren't a lot of those governments out there.

      So yeah, there's some difference between a crime gang and a government, if only in how they recruit.

      1. a_yank_lurker

        Re: within the grasp of powerful crime gangs and government agents

        The only difference between a criminal gang and the government in the US is ... never mind they are the same.

        1. chivo243 Silver badge

          Re: within the grasp of powerful crime gangs and government agents

          @a_yank_lurker

          One is elected, and one rises to the occasion by survival of the fittest. Not many 40 yr old gang leaders left in Chicago...

        2. Peter Simpson 1

          Re: within the grasp of powerful crime gangs and government agents

          The only difference between a criminal gang and the government in the US is ...

          The Government's doing it to "protect" you

          1. Robert Helpmann??
            Childcatcher

            Re: within the grasp of powerful crime gangs and government agents

            The only difference between a criminal gang and the government in the US is ...

            The Government's doing it to "protect" you

            Yeah, that's why it's called protection money... no, er... taxes! That's what I meant. I can see how an IRS audit might go: "That's a really nice 401K you have there. It would be a real shame if something were to happen to it. Capisce?"

      2. Ole Juul

        Re: within the grasp of powerful crime gangs and government agents

        I agree with Trevor. I was being facetious in my top post. For some purposes they can be considered the same, but some government workers genuinely believe they are doing good, even if they aren't.

        1. solo

          Re: genuinely believe they are doing good

          I always thought that Frankenstein made the monster out of boredom... nothing about good or bad

        2. Anonymous Coward
          Anonymous Coward

          Re: within the grasp of powerful crime gangs and government agents

          arguably, the workers for powerful crime gangs also genuinely believe they're doing good. For the bosses, for their families, practically everybody should be happy. The rest, oh well, collateral damage, really sorry.

      3. Voland's right hand Silver badge

        Re: within the grasp of powerful crime gangs and government agents

        When you work for a crime gang or a pervasively corrupt government you tend to know you're not the good guy

        With all due respect, the definition of good when getting into 3 letter territory gets very fuzzy in most countries. Even countries which start from the "moral high ground" quickly descend into financing "freedom fighters" which take whole schools hostage and execute primary school kids.

        In fact, compared to some of the more reprehensible acts of KGB, GRU, CIA and friends, the mob looks like a Catholic nun convent.

      4. MiguelC Silver badge

        Re: within the grasp of powerful crime gangs and government agents

        Yes, Nordic governments are above all that; just don't ask the -former- Icelandic prime minister about shell companies incorporated in fiscal paradises...

        1. Anonymous Coward
          Anonymous Coward

          Re: within the grasp of powerful crime gangs and government agents

          "Yes, Nordic governments are above all that; just don't ask the -former- Icelandic prime minister about shell companies incorporated in fiscal paradises"

          Iceland isn't really Nordic - it's a small island economy and, as we now know, the main occupation of small islands has traditionally been piracy. Nowadays they just do it much less violently.

          1. x 7

            Re: within the grasp of powerful crime gangs and government agents

            "Iceland isn't really Nordic - it's a small island economy and, as we now know, the main occupation of small islands has traditionally been piracy"

            what? The Icelanders are descended from Viking pirates / slavers / exploring freebooters and their Irish / Scots sex slaves. You can't get much more Nordic than that, especially given the history and origins of their Governmental system

      5. Anonymous Coward
        Anonymous Coward

        Re: within the grasp of powerful crime gangs and government agents

        So yeah, there's some difference between a crime gang and a government, if only in how they recruit.

        Let's also not forget that there is a difference between people who do a job, and those who direct these people and who may call something a legitimate job when it really is not. Unfortunately, those criminals (because that's what they are) are protected by the rampant lack of transparency in the use of the powers agencies have been given. To me, that is the real issue. If I see an FBI attempting to rewrite law in the case of Apple vs FBI, I am saddened to see that the whole discussion remained with the issue in court, and did not result in someone asking what the f*ck the FBI is doing trying to rewrite law.

        The BENEFIT of transparency is that voters can see what agencies are actually doing for them - unless they have something to hide.

        1. Bob Dole (tm)

          Re: within the grasp of powerful crime gangs and government agents

          >>Let's also not forget that there is a difference between people who do a job, and those who direct these people and who may call something a legitimate job when it really is not.

          Every individual is responsible for maintaining their own moral code. Saying that your boss told you to do that bad/evil/illegal thing is not a defense, no matter who you work for.

          1. Melo

            Re: within the grasp of powerful crime gangs and government agents

            Your individualistic moral high ground has been determined to be very rare quite a bit ago. Government jobs in either civilian or military settings put you in an environment rife with authority figures, and who is to say that their methods are evil/unjustified without having the same level of information as those authority figures? Only someone with more access than they do would have the perspective and information to determine that accurately; the higher you go, the more you have to hope that the person giving the orders is not morally bankrupt, and is providing orders to foster the "greater good".

            "The Milgram experiment on obedience to authority figures was a series of social psychology experiments conducted by Yale University psychologist Stanley Milgram. They measured the willingness of study participants, men from a diverse range of occupations with varying levels of education, to obey an authority figure who instructed them to perform acts conflicting with their personal conscience; the experiment found, unexpectedly, that a very high proportion of people were prepared to obey, albeit unwillingly, even if apparently causing serious injury and distress."

            "Stark authority was pitted against the subjects' [participants'] strongest moral imperatives against hurting others, and, with the subjects' [participants'] ears ringing with the screams of the victims, authority won more often than not. The extreme willingness of adults to go to almost any lengths on the command of an authority constitutes the chief finding of the study and the fact most urgently demanding explanation."

            1. x 7

              Re: within the grasp of powerful crime gangs and government agents

              All the Milgram experiment proved is that Americans (of that time period) were educated to minimise personal thought and reasoning ability. Americans were being educated / brainwashed in ways somewhat similar to that of WWII Germany. Subservience to God, the President, the nation, one's teachers, etc.....

              If he'd tried the same experiment in the UK he would probably have found a different result, probably one involving a refusal to continue, and when persisted with - a smack around the head.

              I find it disturbing that modern USA TV series still seem to promote the subservience to authority meme. I'd be interested to know how close this is to modern day reality.

      6. raving angry loony

        Re: within the grasp of powerful crime gangs and government agents

        My comment was meant somewhat facetiously, but... not completely.

        Two issues.

        1) "Tend to know you're not a good guy". Spoken by a person who has never experienced deep and abiding corruption. The corrupt are often the first to believe, strongly, that they are in fact "good". That everything they do is "good", because they're doing it. Therefore by opposing them you deserve to be punished because, if you oppose them, you must be "not good" because they are, by definition, "good". Ask any "true believer" corporatist, for instance.

        2) As for using the USA as an example of a place where there's a difference? I see little difference between Russia and the USA, except that the USA has overthrown more governments and been much more hypocritical in the difference between their official propaganda vs their actions. I'd go into details, but I was up to 4 paragraphs and had only scratched the surface of the documented stuff, let alone the "assumed" actions. Yet, as per item (1), the people of both Russia and the USA consider themselves, for the most part, to be "good guys". Probably because they don't know their own history. Or don't care.

        So I was perhaps being a little less than facetious. Perhaps.

        I agree about some Nordic countries though. Maybe.

    2. Mad Chaz

      Re: within the grasp of powerful crime gangs and government agents

      Yea, not all powerful crime gangs are government. Some do independent work.

  4. Mark 85

    I would hope that this exercise was for the benefit of those of Feinstein's ilk.

  5. Herby
    Joke

    Maybe it is time for....

    SS8??

    Maybe not so much of a joke.

    1. Roger Kynaston
      Happy

      Re: Maybe it is time for....

      I read that as SSB first. I am sure we would all love a return to ham radio! No privacy but no one has to hack it as it is broadcast in clear for the whole world to listen to.

    2. Anonymous Coward
      Anonymous Coward

      Re: Maybe it is time for....

      SS8 is already here....and they probably use the exploit in SS7 amongst many others.

  6. Slx

    It's amazing that the mobile voice networks are still hanging off a 1980s protocol designed for ISDN and ancient voice switches that are nothing to do with IP technology.

    1. Anonymous Blowhard

      "It's amazing that the mobile voice networks are still hanging off a 1980s protocol designed for ISDN and ancient voice switches that are nothing to do with IP technology."

      So using a 1980s protocol designed for reliable mobile voice communications as opposed to a 1970s protocol designed for fixed-line "best effort" communications?

    2. PassiveSmoking

      TCP/IP dates from the late 70s/early 80s. Might want to be careful before assuming that old = bad

      1. Slx

        I'm not saying old = bad.

        It's a system that comes from a very different development background to IP counterparts. It was top down developed by big telco equipment makers and telcos and standardised by committee.

        It's not designed for exposure to the hostile world of open networks - old and inappropriate system for anything that's open to the outside world.

  7. Anonymous Coward
    Anonymous Coward

    CTIA rep at end of article is LYING

    He claims it has something to do with a German mobile operator, but the US congressman was in the US on a major carrier (they didn't name it, but safe to assume probably AT&T or Verizon)

    Maybe they leveraged some extra access via a German operator, but if so whoop de doo, if you have to rely on every operator worldwide to be secure you might as well give up and assume even minor criminals can find their way in.

    There has been talk of weaknesses in SS7 since the 80s, I'm sure the US government has relied on this for spying (both legal and illegal) for a long time, and has no desire to see these holes patched up. It will take a proven instance of a foreign power snooping on the President's phone for something to be done I guess (yes I know Obama is using a special Blackberry that can encrypt voice communications beyond the pitifully weak encryption GSM does, but that only helps if he's talking to someone else using a similar phone, so while it might help if he's talking to the SecDef, it won't do any good when he's talking to Putin or Merkel)

    Though I wouldn't be surprised if the government's reaction was to issue encrypted Blackberries widely and claim that fixes the problem - so long as the elites are safe from snooping, who cares about us worthless scum known as mere citizens?

    1. Dan 55 Silver badge
      Black Helicopters

      Re: CTIA rep at end of article is LYING

      I bet every spookhaus in the world just rocks up to their local (ex-)monopoly telecom provider with a list of numbers, or maybe they just furtle the lines themselves.

      I wonder if the exploit allows multiple taps at the same time or if they're all treading on each other's toes.

      1. Anonymous Coward
        Anonymous Coward

        Re: CTIA rep at end of article is LYING

        If the exploit is in SS7, you just need to connect to the global telco network at that level. Any government/corporate office large enough that it has its own prefix (i.e. area code - 3 digit prefix - XXXX in the US) may have its own switch running SS7 protocol. As far as I can tell, that would be sufficient.

        Pretty sure the NSA's Fort Meade office has their own prefix, and operates their own SS7 switch. In my modest sized city there's a university and at least one private company I know of that have their own prefix. I know the university has their own SS7 switch, no clue about the company.

      2. Slx

        Re: CTIA rep at end of article is LYING

        *ALL* of the voice switches used around the world have "lawful interception" capabilities that allow this kind of "hack".

        Unlike SIP or most of the VoIP protocols, SS7 is a signalling system that was developed for primarily state owned or equivalent monopoly telcos. It's an evolution of older systems and it was designed from the outset to be open to being tapped. They've inbuilt, crude backdoors.

        A state can literally purchase interception software for any of the common voice switches out there and they most definitely have been used politically in some countries in the past and are openly used as tools of control in places with extreme censorship regimes.

        You'd be far safer as a journalist or politician using Facetime and WhatsApp than a mobile or landline service if you suspected someone wanted to listen to your calls.

        1. Anonymous Coward
          Anonymous Coward

          Re: CTIA rep at end of article is LYING

          "You'd be far safer as a journalist or politician using Facetime and WhatsApp than a mobile or landline service if you suspected someone wanted to listen to your calls."

          Oh? What's to say Facetime and WhatsApp don't have their own tapping facilities mandated by government order?

          1. Anonymous Coward
            Anonymous Coward

            Re: CTIA rep at end of article is LYING

            Facetime is encrypted point to point. Some tried to argue that Apple's fight with the FBI was all theater to make people think it is secure when they were really providing the government full access in secret - but if that was the case then the FBI would have let them "win" that fight to provide the illusion that Apple was a safe choice for terrorists.

            They wouldn't have publicly gone to a third party who broke into the phone, shattering the illusion the conspiracy theorists claimed was being carefully crafted to give terrorists a false sense of security.

            1. Anonymous Coward
              Anonymous Coward

              Re: CTIA rep at end of article is LYING

              "They wouldn't have publicly gone to a third party who broke into the phone, shattering the illusion the conspiracy theorists claimed was being carefully crafted to give terrorists a false sense of security."

              FaceTime only works in transit. The common MO of the LEOs is to crack outside the encryption envelope: either before encryption or after decryption. That's why endpoint cracking is the norm with them. As that's a point where the data MUST be human-readable, it's outside the envelope. FaceTime only encrypts in transit since it MUST be human-readable to hold a conversation, so its point-to-point encryption is moot to the FBI.

              As for going to great lengths to crack an iPhone, given there are few alternatives for remote communication that the law doesn't know about (since face-to-face is increasingly under scrutiny), this sounds like an exercise in cutting off what few avenues are remaining, forcing the terrorists to regroup: possibly opening the way for a mole.

        2. Anonymous Coward
          Anonymous Coward

          Re: CTIA rep at end of article is LYING

          Lawful interception for traffic crossing a particular switch is one thing. That's what they are designed to do, and no one would be surprised about that.

          However, there was never any intent to allow anyone with SS7 access to have "lawful" intercept capabilities from halfway around the world! That's clearly a big security issue, and from the sound of things it is a security issue with the protocol itself, not a specific implementation.

    2. Jeffrey Nonken

      Re: CTIA rep at end of article is LYING

      ...Or perhaps he meant T-Mobile.

  8. Anonymous Coward
    Anonymous Coward

    38 minutes?

    LOL

    Populist pap.

  9. Anonymous Coward
    Anonymous Coward

    Seriously.....

    ....after the Snowden revelations there are no rogue mobile operators??...did that last quote come over a poor mobile call from Jose Mourinho?

  10. Charles 9

    So what's someone to do. This is full-on DTA mode, but communications REQUIRES a level of trust to go farther than shouting distance. So how do you contact someone far away, in a short time frame (meaning you can't meet face to face) when the only methods available cannot be trusted? Sounds a lot like the intractable First Contact Problem.

  11. Anonymous Coward
    Black Helicopters

    Wow, bringing back old rotary phones sounds better and better!

    How much do you want to bet that this vulnerability is at least a big part of the reason you don't see the NSA strongly supporting the FBI in their ongoing dust-up with Apple?

    1. Slx

      Re: Wow, bringing back old rotary phones sounds better and better!

      SS5 and other systems for those old s

      networks was often just tones played down a phone line. You could hack it with a whistle, never mind a computer

  12. FuzzyWuzzys
    Facepalm

    "Last year, the president of the United States called me on my cellphone. And we discussed some issues. So if hackers were listening in, they would know that phone conversation. And that's immensely troubling."

    FFS, if it's an issue of national importance and should remain private between you and one of the most important people in the western world, then get yer fat arse onto a plane/helicopter and meet them in person. Rather than pissing US tax money up the wall on titty-bars and having your garden landscaped, how about using it for something useful like a business trip, they must have a few grand to get you to somewhere to meet for a chat and then dump you off back home that afternoon?

    1. Dan 55 Silver badge
      Trollface

      Or use a WhatsApp call, which now has end-to-end encryption.

      1. Jeffrey Nonken

        "Or use a WhatsApp call, which now has end-to-end encryption."

        Because I would totally trust Facebook with our national security.

  13. Marcus Fil

    Seriously...2

    YTF do you think those of nominal import have SMEPEDs ("Barrackberries")? This is news how? I am saying nothing ...literally.

  14. PassiveSmoking

    I'm not an American so I can't vote for Leiu.

    Is there a way we can borrow this guy? I'll trade you one Theresa May for him.

    1. Anonymous Coward
      Go

      You'll have to check the Treaty of Paris to see if there is a clause along the lines of "We agree that America gets its independence, but in return we get to exile to you one ne'er-do-well royal or blinkered parliamentarian every X number of years".

  15. allthecoolshortnamesweretaken

    "That is the equivalent of giving a thief the keys to your house; that is not representative of how US wireless operators secure and protect their networks. We continue to maintain security as a top industry priority." - John Marinho, VP CTIA

    Yeeesss... in the sense that you want to make a point about home security, but don't want to get ugly scratches on the door lock. Or, more to the point in this case, don't want the cops interrupting the demonstration.

    BTW, why no CTIA? Isn't there a T too much in this? jokes?

  16. Anonymous Coward
    Anonymous Coward

    why the indignation

    after all, this is the congressmen (and women) who authorise the budgets of those 3-letter protectors of democracy, who took the executive decision that fuck, yeah, they can eavesdrop on EVERYBODY IN THE WORLD.

  17. TeeCee Gold badge

    Hmm.

    If you're looking for a reason that it hasn't been fixed, there's a really bloody obvious one that doesn't require you to wear a shiny hat to believe it.

    Fixing it in such a way as to maintain back-compatibility and thus not b0rk 99% of devices out there[1] is on the way too hard pile.....

    [1] i.e. Everything that isn't an iPhone or a recent Nexus device and thus doesn't stand a cat in hell's chance of a firmware update.

  18. Anonymous Coward
    Mushroom

    Backdoors

    SS7 encryption is exactly what Feinstein (and Obama?) and Comey want us to go back to. It would be sweet poetic justice for them and their allies to be brought down by intercepted phonecalls and texts. All you have to do is hack into some little mobile provider.

    I have a better proposal: nuke the legacy phone network.

    1. Anonymous Coward
      Anonymous Coward

      Re: Backdoors

      Nuking the legacy phone network means leaving A LOT of people completely cut off since the old-fashioned telephone is their ONE AND ONLY link to everyone else. How do you propose you solve this without leaving people to DIE or breaking the budgets of numerous small nations on so doing?

      1. Anonymous Coward
        Anonymous Coward

        Re: Backdoors

        Mobile data. Sheesh.

        1. Charles 9

          Re: Backdoors

          Good luck getting any bars out in the boonies...

  19. Gis Bun

    Maybe Ted should have used a Blackberry instead of a hackable insecure iPhone.

  20. Anonymous Coward
    Anonymous Coward

    Stingraaaay, Stingray - dur dur duurr du, dur du!

    No, it isn't.

    LTE networks no longer use SS7 as it's an all IP system. Maybe time to upgrade and pay for the service if you're concerned about privacy and security.

    1. x 7

      Re: Stingraaaay, Stingray - dur dur duurr du, dur du!

      "LTE networks no longer use SS7 as it's an all IP system."

      but isn't part of the Stingray interception the fact that it denies the LTE connection, forcing the targeted phone to communicate using 2G, which CAN be cracked using SS7. That's old knowledge from a couple of years ago at least.
