Rep. Lieu asks FCC to speed up investigation of SS7 flaw

Photo credit: Flickr user Mark Mauno

Rep. Ted Lieu, D-Calif., asked the FCC this week to step up its investigation of a Signaling System Seven (SS7) flaw following reports of alleged Russian hacking of members of the U.S. Congress.

The weakness in SS7 came to light again in April when CBS’ 60 Minutes reported that hackers need nothing more than a phone number to listen to phone calls, read text messages and track users’ location. The hack was demonstrated by security researcher Karsten Nohl, who tracked a new iPhone that 60 Minutes gave to Lieu for the broadcast.

SS7 is a set of telephony signaling protocols that brokers information between wireless networks around the world.

Beat Robocalls

How STIR/SHAKEN Restores Consumer Trust in Phone Companies

Nothing has done more to erode consumer trust in phone calls and carriers than caller ID spoofing, robocalls, and the scams that nefarious players run. Now STIR/SHAKEN is rebuilding that consumer trust. Download the eBrief now to learn more.

Lieu, who holds a degree in computer science from Stanford, agreed to use the phone to talk to his staff knowing it would be hacked. Nohl was able to use the phone number while working in Berlin to track Lieu's movements in Los Angeles as well as to read messages and record phone calls between Lieu and his staff.

A CBS correspondent called the SS7 flaw an “open secret” among governmental agencies around the world who may leverage the vulnerability to glean intelligence. The broadcast prompted FCC Public Safety Bureau chief David Simpson to ask his staff to review SS7, saying the report “highlights the inherent risk encountered when an end-of-life technology is incrementally replaced by a new one.”

In a letter to FCC Chairman Tom Wheeler, Lieu requested that the FCC expedite its investigation of the flaw and give an estimate when the inquiry will wrap up. Lieu also asked the FCC to provide members of Congress with information it has learned about the flaw.

“The SS7 problem is no longer a theoretical threat,” Lieu wrote. “We now have a mass release of cell phone numbers of Members of Congress likely caused by a Russian government that has full access to utilize the SS7 flaw. Because we don’t know how long the hackers had access to this information, it is very possible nearly half of Congress has already had voice and text data intercepted…. The ramifications of the SS7 flaw can be severe, both for our national security and the integrity of American elections.”

For more:
- see Lieu’s letter
- read this Tom’s Hardware report

Related articles:
Security flaw in SS7 triggers FCC review, call for carrier action
Report: SS7 still vulnerable more than a year after hack first reported


Suggested Articles

AT&T said it added 229,000 net postpaid phone connections in the fourth quarter and grew wireless service revenue by nearly 2%.

Verizon continues to win top network honors, but analysts question the strength of its spectrum position.

The U.K. government has decided China’s Huawei can supply gear for the country’s 5G networks, but it will be restricted to non-core portions, consider