The Germany-based hackers pulled off the stunt by targeting a system called SS7 that allows phones on different wireless carriers to exchange information with one another, enabling roaming, cross-carrier billing and other features. Think of it as a middleman between different wireless carriers.
The hackers were targeting the network, not the individual phones on either end of the call. That means the hack would work even if the congressman, Democrat Ted Lieu of California, was using a password or taking other steps to protect his phone’s contents.
Security researchers have previously alerted the world to flaws in SS7. But some vulnerabilities clearly remain. Some observers argue the hole hasn’t been filled because it enables governments to snoop on surveillance targets.
What can you do to avoid the 60 Minutes hack? The best option is to forego your phone’s normal calling feature in favor of communication apps that offer what’s called “end-to-end encryption.” With them, your conversations are secured from the time they’re sent to the moment they’re received. One popular example is Signal, favored by journalists and security experts. (Edward Snowden is among the software’s fans.)
All computer security advice, however, should carry this important caveat: Pretty much anything can be hacked. If you are seriously concerned about your information staying secure, it’s best not to send that data over a communications system of any kind.
60 Minutes’ demonstration highlights a wrinkle in the ongoing debate over privacy and national security. While law enforcement groups say encryption apps like Signal make it harder to solve crimes, others argue they offer law-abiding citizens a way to keep their communications safe from prying eyes and ears. Representative Lieu, who sits on House subcommittees for information technology and national security, argues in favor of strong encryption. “You cannot have 300-some million Americans—and really, right, the global citizenry—be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data,” he said on the show.