Technology content trusted in North America and globally since 1999
8,259 Reviews & Articles | 62,689 News Posts

Congress is finally investigating SS7 mobile network security flaw

An aging cellular protocol, SS7 has been found to be terribly insecure by a group of security researchers which has prompted a congressional inquest
By: Jeff Williams | Hacking & Security News | Posted: Apr 19, 2016 6:05 pm

Cellular networks are already pretty insecure as they are. Voice is sent unencrypted and in the clear despite having the necessary hardware to support even light encryption methods. Spoofing cellular towers, too, isn't exactly the most difficult thing to do either, but that's small potatoes compared to a vulnerability in the Signalling System No. 7 telephony protocol that can allow a potential malefactor to track you across the globe, with relative ease. Congress is now taking an interest and investigating these vulnerabilities.




The interest in the issue began with the airing of a 60 Minutes piece where Sharyn Alfonsi and a German computing enthusiast who specializes in nefarious programming techniques, showed off just how easy it is to exploit the SS7 protocol to track cellphone users. To demonstrate their point, the pair recruited US Representative Ted Lieu and asked him to use a new, not modified, iPhone when conducting staff phone calls. With just the phone number, they were able to pinpoint the location of the US Representative wherever he had the phone, and they were even able to record conversations he was having as well. It apparently didn't take much effort on the part of the researchers, either.


Mr. Lieu, following the demonstration he took part in, called for an official full investigation into the matter so that the vulnerabilities can be addressed. The flaw is something that potentially affects quite a few different markets, within the US and abroad, which could pose serious privacy issues. Not to mention if someone should use the flaw to target individuals as part of pre-meditated actions.




SS7 is an old protocol, first conceived of in 1975, that is used for creating and terminating phone calls. It's also the backbone of a lot of other telephony services, such as the exchange of numbers in caller ID and even for SMS messaging. The protocol is mostly universal with some differences between international networks, and can be accessed with open-source software and inexpensive hardware. the solution would be to update the aging protocol completely, bringing it into the modern age with privacy in mind, though that might mean a complete overhaul of cellular towers as well.

Related Tags

Got an opinion on this news? Post a comment below!