Congress is finally investigating SS7 mobile network security flaw

An aging cellular protocol, SS7 has been found to be terribly insecure by a group of security researchers which has prompted a congressional inquest.

1 minute & 43 seconds read time

Cellular networks are already pretty insecure as they are. Voice is sent unencrypted and in the clear despite having the necessary hardware to support even light encryption methods. Spoofing cellular towers, too, isn't exactly the most difficult thing to do either, but that's small potatoes compared to a vulnerability in the Signalling System No. 7 telephony protocol that can allow a potential malefactor to track you across the globe, with relative ease. Congress is now taking an interest and investigating these vulnerabilities.

Congress is finally investigating SS7 mobile network security flaw 1

The interest in the issue began with the airing of a 60 Minutes piece where Sharyn Alfonsi and a German computing enthusiast who specializes in nefarious programming techniques, showed off just how easy it is to exploit the SS7 protocol to track cellphone users. To demonstrate their point, the pair recruited US Representative Ted Lieu and asked him to use a new, not modified, iPhone when conducting staff phone calls. With just the phone number, they were able to pinpoint the location of the US Representative wherever he had the phone, and they were even able to record conversations he was having as well. It apparently didn't take much effort on the part of the researchers, either.

Mr. Lieu, following the demonstration he took part in, called for an official full investigation into the matter so that the vulnerabilities can be addressed. The flaw is something that potentially affects quite a few different markets, within the US and abroad, which could pose serious privacy issues. Not to mention if someone should use the flaw to target individuals as part of pre-meditated actions.

Congress is finally investigating SS7 mobile network security flaw 2

SS7 is an old protocol, first conceived of in 1975, that is used for creating and terminating phone calls. It's also the backbone of a lot of other telephony services, such as the exchange of numbers in caller ID and even for SMS messaging. The protocol is mostly universal with some differences between international networks, and can be accessed with open-source software and inexpensive hardware. the solution would be to update the aging protocol completely, bringing it into the modern age with privacy in mind, though that might mean a complete overhaul of cellular towers as well.

Jeff grew up in the Pacific Northwest where he fell in love with gaming and building his own PC’s. He's a huge fan of any genre of gaming from RTS to FPS, but especially favors space-sims. Now he's stepped into the adult world by becoming a professional student looking to break into the IT Security world. When he’s not deep in his studies, he’s deep in a new game, revisiting an old game, or testing the extreme limits of his own PC. He's now a news contributor for TweakTown, looking to bring a unique view on technology and gaming.

Newsletter Subscription

Related Tags