Security flaw in SS7 triggers FCC review, call for carrier action

The FCC said it is looking into the use of a mobile network technology with a vulnerability that allows hackers to access others' wireless data using nothing but a phone number.

Politico reported the Commission is studying carriers' use of SS7, or Signaling System Seven, which was featured in a segment on CBS's 60 Minutes earlier this week. SS7 is a set of telephony signaling protocols that serves to broker information between networks and is used by mobile carriers around the world.

German security researcher Karsten Nohl demonstrated the flaw during a 60 Minutes broadcast that aired Sunday, using it to track a new iPhone that had been given to U.S. Rep. Ted Lieu (D-Calif.), who agreed to use the handset to talk to his staff knowing it would be hacked. Nohl was able to eavesdrop and record Lieu's conversations and track his whereabouts in Southern California as Nohl worked in Berlin.

Nohl initially demonstrated the vulnerability during a 2014 convention in Germany.

FCC Public Safety Bureau chief David Simpson issued a statement saying he had asked his staff to review SS7. "The '60 Minutes' report highlights the inherent risk encountered when an end-of-life technology is incrementally replaced by a new one," Simpson said, according to Reuters.

Simpson called on carriers to move to assess and address security issues with SS7. The four major U.S. mobile network operators declined to address concerns about SS7 earlier this week, however.
