Rep. Ted Lieu, D-Calif., asked the FCC this week to step up its investigation of a Signaling System Seven (SS7) flaw following reports of alleged Russian hacking of members of the U.S. Congress.
The weakness in SS7 came to light again in April when CBS’ 60 Minutes reported that hackers need nothing more than a phone number to listen to phone calls, read text messages and track users’ location. The hack was demonstrated by security researcher Karsten Nohl, who tracked a new iPhone that 60 Minutes gave to Lieu for the broadcast.
SS7 is a set of telephony signaling protocols that brokers information between wireless networks around the world.
Lieu, who holds a degree in computer science from Stanford, agreed to use the phone to talk to his staff knowing it would be hacked. Nohl was able to use the phone number while working in Berlin to track Lieu's movements in Los Angeles as well as to read messages and record phone calls between Lieu and his staff.
A CBS correspondent called the SS7 flaw an “open secret” among governmental agencies around the world who may leverage the vulnerability to glean intelligence. The broadcast prompted FCC Public Safety Bureau chief David Simpson to ask his staff to review SS7, saying the report “highlights the inherent risk encountered when an end-of-life technology is incrementally replaced by a new one.”
In a letter to FCC Chairman Tom Wheeler, Lieu requested that the FCC expedite its investigation of the flaw and give an estimate when the inquiry will wrap up. Lieu also asked the FCC to provide members of Congress with information it has learned about the flaw.
“The SS7 problem is no longer a theoretical threat,” Lieu wrote. “We now have a mass release of cell phone numbers of Members of Congress likely caused by a Russian government that has full access to utilize the SS7 flaw. Because we don’t know how long the hackers had access to this information, it is very possible nearly half of Congress has already had voice and text data intercepted…. The ramifications of the SS7 flaw can be severe, both for our national security and the integrity of American elections.”
For more:
- see Lieu’s letter
- read this Tom’s Hardware report
Related articles:
Security flaw in SS7 triggers FCC review, call for carrier action
Report: SS7 still vulnerable more than a year after hack first reported