International experts in mobile security including California-based Lookout founder John Hering and Berlin-based Karsten Nohl of Security Research Labs show how mobile phones and the networks that carry their signals can be exploited by hackers. Hering gathered a group of security researchers in Las Vegas during a hackers convention and they broke into the phone of 60 Minutes correspondent Sharyn Alfonsi. Hering demonstrated how he could read Alfonsi's email and collect her credit card and other private and personal information. Nohl and his team in Berlin showed how they were able to exploit a flaw in a global mobile network called Signaling System Seven -- or SS7. The team was able to monitor and record a phone that 60 Minutes lent to U.S. Rep. Ted Lieu, D-California, a member of the House Oversight and Reform Subcommittee on Information Technology. Sharyn Alfonsi's report will be broadcast Sunday, April 17 at 7 p.m. ET/PT.
SS7, Alfonsi reports, is a little-known, but vital network that connects mobile phone carriers all over the world. By exploiting a flaw in the system, Nohl told Alfonsi, he could target the phone Rep. Lieu was using and "track their whereabouts, know where they go for work, which other people they meet. You can spy on whom they call and what they say over the phone." Rep. Lieu considers the flaw a threat to national security and when Alfonsi played a recording of one of the congressman's calls he reacted by saying, "First it's really creepy and second it makes me angry." The congressman warned that someone who targeted his phone could have listened in on a conversation he had with President Obama. "That's immensely troubling," he said. Nohl explained that the S-S-7 flaw could be used to spy on other politicians and business leaders whose communications could be of high value to hackers. Alfonsi also reports that the flaw is well known among intelligence agencies, including those in the U.S.
Hering told Alfonsi, "In today's world there's really only two types of companies or two types of people: Those who have been hacked and realize it and those who have been hacked and haven't." He demonstrated how easily a mobile phone user could be fooled by a phony free Wi-Fi connection into revealing a host of personal and financial information stored on the device. In a demonstration for 60 Minutes, he showed Alfonsi, "I have your email...I know you have a ride-sharing application up here, all the information that's being transmitted, including your account ID...I have all the credit cards associated with that account."