How 60 Minutes performed 'Phone' with public hacking hysteria

On Sunday, 60 Minutes took a yr-previous phase on telephone hacking it shot and aired in Australia, fluffed it up with different previous hacks from final yr’s DEFCON, and re-packaged it for an American viewers.

Virtually nobody observed these specific particulars.

However nearly everybody panicked. “Hacking Your Telephone” set off a scare that raged via headlines and social media posts all week. Because the miasmic cherries on prime, the episode additionally freaked out congressman Ted Lieu, who has referred to as for a Congressional investigation, and the FCC is now concerned.

The thirteen-minute phase based mostly its hysteria on a gap in telephone routing protocol SS7 (Signaling System 7) a flaw which, by the way, is not straightforward to take advantage of. However maybe considering the mixture of hacker boogeymen and SS7’s potential would not make for dramatic TV, the present blurred in a handful of various — and very unrelated — ways in which smartphones could be hacked.

Demonstrations included listening to calls, intercepting e mail, and spying on customers with a smartphone’s constructed-in digital camera. In a single brief scene reporter Sharyn Alfonsi acquired a demo from Australian maker of safety product CryptoPhone, with the 60 Minutes phase telling viewers, “you might want a “CryptoPhone” if you wish to keep away from hacking.”

The SS7 community hacking bit had Alfonsi and 60 Minutes touring to Germany to hunt out “one of the best hackers on the planet” for an SS7 hacking demo in a subterranean concrete bunker. For this, CBS offered US Rep. Ted Lieu (D–CA) with an iPhone and the researchers have been filmed recording his conversations (with permission). The present cautioned viewers that they might be hacked and tracked from anyplace, concluding with a sinister warning that we now stay in a world the place know-how cannot be trusted.

Nicely no shit, Sherlock.

The primary model of this phase aired in August 2015 on 60 Minutes Australia and had the identical baseline message: “you may be bugged, tracked and hacked from anyplace on the earth.” The phase opens tragicomically minimize with melodramatic telephone monitoring scenes from James Bond movie Skyfall, as Australian 60 Minutes reporter Ross Coulthart traveled to, you guessed it, Berlin.

Coulthart descends into the identical underground workplaces we noticed on this episode’s American remake, this time figuring out safety researcher Luca Melette (whom Sharyn Alfonsi uncared for to determine). Melette then demonstrated use of SS7 to intercept a name between Mr. Coulthart and Australian Senator Nick Xenophon, who was as predictably shocked and outraged as his American counterpart. The Australian reporter went to Las Vegas as nicely, the place he inexplicably interviewed the maker of a safety product you may’ve simply heard about referred to as CryptoPhone.

All through the episode, 60 Minutes Australia repeated its declare that this demo of monitoring and name interception utilizing SS7 “has by no means been proven earlier than.”

When you’ve already guessed that this specific plop of kangaroo fudge is not true, I might wish to advocate you for the clearly unfilled reality-checking place at 60 Minutes.

The primary public disclosure of analysis into monitoring and surveilling smartphone customers by way of SS7 was in a Black Hat 2007 speak by Philippe Langlois. However the actual in-your-face presentation was in Tobias Engel’s 2008 presentation at German hacking convention CCC (25c3), referred to as “Finding Cellular Telephones utilizing SS7.” Since then, talks on monitoring individuals by means of these actual sorts of telecommunication community assaults appeared steadily at safety and hacking conferences, peaking with The Carmen Sandiego Challenge by Don Bailey and Nick DePetrillo at Black Hat in 2010.

60 Minutes put Herculean effort into convincing viewers that at any second they might unknowingly develop into victims to some dude in a darkish basement monitoring their location and listening to their calls, because of his unfettered entry to SS7.

How 60 Minutes played 'Telephone' with public hacking hysteria

And whereas a gap in telephone routing protocol is a significant issue, it is an avenue of assault that is within the realm of nation-states and espionage. It requires entry to spine telephone networks. It is the sort of hacking that’s pricey in some ways, and so is simply used to go after particular excessive-profile or info-wealthy targets, by entities with assets and privileges. Within the case of 60 Minutes Australia, Luca Melette was given entry to SS7 by the German authorities — which renders the worry-mongering and warnings of each segments moot.

I do not know if it is as a result of 60 Minutes is low on both balls or brains, or each, however the present completely failed to inform viewers about truly scary methods SS7 might be being abused to violate our privateness. Like in state-sponsored knowledge assortment dragnets, the place authorities benefit from the flaw to collect information, “simply in case.” Or corporations which have lifeless-critical monetary motivation to trace and surveil us, like Fb, who’re well-known for doing issues that are not technically unlawful till they’re caught.

However the American 60 Minutes did not cease at SS7 with its reductive recreation of hacker-terror “Phone.”

For causes which might be anybody’s guess, CBS’s reporter had Lookout Safety founder John Hering assemble what Alfonsi referred to as “the all-stars, the tremendous hackers, to be a part of our demonstration.” Within the 60 Minutes Extra time supplemental to the phase, Alfonsi remarked in shock that “they only seem like a bunch of normal guys.” Apparently nobody wore their balaclavas and sun shades to the all-star roundtable. With a totally straight face, Ms. Alfonsi hit Hering and the group with nail-biting questions like “is every little thing hackable?”

Lookout’s principal man then walked Alfonsi step-by-step into connecting her iPhone to his personal spoofed community, whereas they each pretended she had related to some rando’s creepy malicious community all on her personal. Then he learn via Alfonsi’s (apparently unencrypted) CBS Information e-mail.

Hering’s subsequent proof of his tremendous-hacker energy was to point out Alfonsi that he might spy on her utilizing the entrance dealing with digital camera on her telephone. At the start of this little contrived drama, Alfonsi is utilizing an iPhone. You understand how everybody and every part lately is telling you to not click on hyperlinks, obtain information, or set up purposes you do not anticipate to obtain? Properly, he advised her to do precisely that — click on, obtain, set up his app — with a textual content message he despatched her. To do that in actual life, she’d have to disable the security measures on her iPhone, and would obtain warnings. However within the subsequent shot, all of the sudden our reporter is being spied on by Hering although an Android telephone propped up on her desk.

How 60 Minutes played 'Telephone' with public hacking hysteria

Do not get me mistaken: SS7 surveillance, community spoofing, phishing, and spurious product placement are all very actual points that buyers have to be on prime of. However 60 Minutes acquired all of it backwards within the identify of drama. They could as nicely have advised individuals to soak their telephones in bleach earlier than burning them after their subsequent sext for all of the uselessness and flat-out fakety-pretend hysteria in “Hacking Your Telephone.”

There are one million nice, really chilling, and unbelievably pressing hacking tales to be advised. Ones that desperately have to be addressed by the FCC and congressional investigations. Tales that may solely be all these issues once they’re being informed precisely.

However after this, I do not consider we’ll see any of them on 60 Minutes.

Ms. Violet Blue (, @violetblue) is a contract investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS Information, in addition to a famous intercourse columnist. She has made common appearances on CNN and The Oprah Winfrey Present and is often interviewed, quoted, and featured in quite a lot of publications that features ABC Information and the Wall Road Journal. She has authored and edited award-profitable, greatest promoting books in eight translations and has been a intercourse columnist for the San Francisco Chronicle. She has given keynote talks at such conferences as ETech, LeWeb, and the Forbes Model Management Convention, and has given two Tech Talks at Google. In 2010, the London Occasions named Blue one among “forty bloggers who actually matter.” Ms. Blue is the writer of The Sensible Woman’s Information to Privateness. Violet Blue bio courtesy of TTI Vanguard.