60 Minutes Shows Nature of Smartphone Vulnerabilities Some Senators Want to Preserve
Here's what it looks like when your cybersecurity is not protected.
A 60 Minutes segment on smartphone hacking that ran over the weekend seemed mostly designed to make the average consumer scared about the state of his or her cybersecurity. Oddly, despite having the involvement of tech privacy-oriented congressman Rep. Ted Lieu (D-Calif.) onboard, the segment, by correspondent Sharyn Alfonsi, did not engage in any discussion about the big, current encryption debate happening on Capitol Hill, nor really any federal policies that might impact personal cybersecurity either positively or negatively.
Instead, the segment has "white hat" hackers in Germany break into a phone 60 Minutes provided to Lieu, given only his phone number. They succeed and are able to listen into his phone calls and access the content of his phone. Similarly, a group of hackers at Las Vegas' annual DEF CON hacking conference were able to trick Alfonsi into connecting her phone into a spoof wi-fi connection (which she thought was her hotel's wi-fi) and access her phone data, and through that personal credit card data.
It isn't until the end of the 13-minute segment when it delves into who is most endangered by these cybersecurity weaknesses where we get into the political scope—Lieu himself mentions he had been called by President Barack Obama on his cell phone last year (not the one provided for this experiment, obviously). If the president had called this phone in Lieu's possession, it would have given hackers potential inroads to communications by the president of the United States.
The ultimate message of the segment is that our data is only as secure as technology is able to keep up with potential causes of breaches. An accurate assessment, obviously, but given Lieu's involvement in the segment and his record on opposing unaccountable federal data gathering, it is a little bit odd that given the current tech debate, 60 Minutes did not get into the role encryption plays in helping prevent the examples we're shown—or if it even would have made a difference. Would end-to-end encryption (like WhatsApp has started offering) have prevented the hackers from accessing the content of data even if the hackers got digital access to these phones?
If better encryption is the answer to the vulnerabilities detailed in the segment, then that's another reason to be deeply concerned by the proposed federal legislation by Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.) that would require tech companies to break their own encryption upon court demand in order to provide data to law enforcement. If there's a way in, as this 60 Minutes segment showed, hackers will inevitably find it.
To the show's credit, it does take a moment to point out that there are people in the intelligence community that are very likely perfectly fine with the existence of the vulnerabilities shown during these experiments, because they help the government get information. That they also put everybody else at risk does not seem to be a concern to them.
Lesley Stahl did do a segment on the encryption debate back in March, speaking with Pavel Durov, inventor of encrypted app Telegram, designed after dealing with pressure and censorship from Russia and the Kremlin to censor online communication from anti-Putin activists. A transcript from that segment is here.
Watch last night's 60 Minutes segment below the fold: