Scott is worried about Vault 7 and the CIA's hacking. He's heard from Edward Snowden's tweets that the CIA has left a huge vulnerability in our mobile devices. Leo says that was the problem with the Feds wanting to crack Apple's iOS since once cracked, it's available to anyone. But the reality is, the hack is 3 years old and Apple has worked to close those vulnerabilities. So it's likely that unless Scott's phone hasn't been updated for three years, he's safe.
What this should do is give him a call to action to make sure all his devices are updated and patched consistently. It shouldn't be shocking that these tools exist. In fact, our government should actually be actively cultivating them -- with oversight. Currently, there's no indication that these exploits are being used against US citizens without legal cover. The shock isn't that we're hackable. The shock would be that we aren't doing anything to make sure we aren't. Apple works hard to prevent that.