Report: SS7 still vulnerable more than a year after hack first reported

A vulnerability in the worldwide mobile exchange system continues to allow hackers to access others' wireless data -- more than a year after it the flaw was discovered, CBS' 60 Minutes reported.

The weakness lies in SS7, or Signaling System Seven, a set of telephony signaling protocols that brokers information between wireless networks. Hackers need nothing more a phone number to exploit the vulnerability to listen to phone calls, read text messages and track users' location.

The hack was first demonstrated by security researcher Karsten Nohl during a 2014 convention in Germany. Nohl advises Fortune 500 companies on computer security, and he demonstrated the hack by tracking a new iPhone that 60 Minutes gave to U.S. Rep. Ted Lieu (D-Calif.).

Lieu, who holds a degree in computer science from Stanford, agreed to use the phone to talk to his staff knowing it would be hacked. Nohl was able to use the phone number while working in Berlin to track Lieu's movements in Los Angeles as well as to read messages and record phone calls between Lieu and his staff.

"Nohl told us the SS7 flaw is a significant risk mostly to political leaders and business executives whose private communications could be of high value to hackers," CBS correspondent Sharyn Alfonsi reported. "The ability to intercept cellphone calls through the SS7 network is an open secret among the world's intelligence agencies -- including ours -- and they don't necessarily want that hole plugged."

Lieu said that intelligence personnel who have known about the flaw but not addressed it should "absolutely" be fired.

"You cannot have 300-some million Americans -- and really, right the global citizenry be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data," he said. "That is not acceptable."

For more:
- read this 60 Minutes report

Related articles:
AT&T confirms data breach as hackers hunted for codes to unlock phones
Verizon, AT&T, Sprint and T-Mobile say customers are protected from Heartbleed bug
Verizon, AT&T, Sprint, T-Mobile and U.S. Cellular agree to new cell phone unlocking rules
FCC, carriers reportedly near deal on cell phone unlocking
FCC's Wheeler pressures CTIA to clarify carriers' phone unlocking policy
NTIA pushes FCC to mandate free cell phone unlocking

Suggested Articles

Instead, it's creating uncertainty that's reducing investment overall, Ericsson's chief executive told CNBC.

Qualcomm, Audi of America and the Virginia Department of Transportation are planning for initial C-V2X deployments on Virginia roadways.

Vapor IO raised $90 million to build out its Kinetic Edge platform throughout the country.