U.S. carriers mum on 60 Minutes report on vulnerability in SS7

CBS's 60 Minutes created something of a stir over the weekend when it reported on a vulnerability in the worldwide mobile exchange system that continues to allow hackers to access others' wireless data using nothing but a phone number. But if U.S. operators are terrified about any dangers the flaw may represent to their customers, they don't seem to be showing it.

The reported weakness lies in SS7, or Signaling System Seven, which is a set of telephony signaling protocols that serves to broker information between wireless networks. Hackers can exploit the vulnerability with the phone number of the user they're targeting to listen to phone calls, read text messages and track the user's location.

The hack first came to light in 2014 when security researcher Karsten Nohl demonstrated it at a convention in Germany. Nohl recently demonstrated it again for 60 Minutes during a broadcast that aired Sunday, using the flaw to track a new iPhone that had been given to U.S. Rep. Ted Lieu (D-Calif.). Lieu, who holds a degree in computer science from Stanford, agreed to use the phone to talk to his staff knowing it would be hacked.

Nohl was able to use the phone number while working in Berlin to track Lieu's movements in Los Angeles as well as to read messages and record phone calls between Lieu and his staff.

Correspondent Sharyn Alfonsi reported that the show contacted representatives from CTIA who said that there have been reports of SS7-related security breaches abroad, "but (they) assured us that all U.S. cellphone networks were secure," although Lieu was on a U.S. network when his phone was hacked from Germany.

The flaw "is an open secret among the world's intelligence agencies -- including ours -- and they don't necessarily want that hole plugged," Alfonsi reported.

CTIA, the trade group representing AT&T, Verizon and other top U.S. wireless carriers, released a statement yesterday noting that hackers "were given extraordinary access to a German operator's network" to demonstrate the vulnerability.

"This is the equivalent of giving the thief the keys to your house; that is not representative of how U.S. wireless operators secure and protect their networks," John Marinho, CTIA's vice president of cybersecurity and technology, said in a prepared statement. "U.S. wireless providers remain vigilant to protect their networks and their customers."

The four major U.S. wireless operators declined to address more specific questions from FierceWireless. When asked whether the flaw may threaten the privacy and security of subscribers, Verizon and AT&T pointed to CTIA's statement, while Sprint and T-Mobile declined to discuss the matter.

Meanwhile, Fortune reported yesterday that Lieu has called for a congressional investigation of the vulnerabilities in SS7, writing that, "The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S. government officials." Lieu said the investigation should be conducted by the House Oversight and Government Reform Committee, of which he is a member.
