As reported by Reuters, the Federal Communications Commission (FCC) has announced that it now taking a closer look at wireless carriers’ use of a rather old telecommunications tech which has been proven to be riddled with security flaws, especially after a report by CBS’ 60 Minutes indicated that this tech can be remotely utilized by third parties to sneakily eavesdrop on mobile users.
In the 60 Minutes segment that aired a few days ago, German computer expert Karsten Nohl spying on a handset used by US Representative Ted Lieu. This was accomplished by exploiting certain flaws in a worldwide mobile network called Signaling System Seven (SS7), which is used by wireless carriers around the world to ferry their roaming calls, text messages, and other forms of communications. Nohl spied on Lieu’s handset by transmitting SS7 messages prompting the mobile network to provide him with access to the US Representative’s device.
According to David Simpson, the head of the Public Safety Bureau at the FCC, he had personally requested staff at the agency to look into the security flaws of SS7, which according to him has outlived its usefulness, and should be transitioned to newer, better and presumably safer forms of communications technologies.
But according to Nohl, SS7 will probably be used for another decade or so. And even if it transitions to its likely replacement, Diameter, the new technology is still vulnerable to the same attacks that are currently plaguing SS7. Still, Nohl notes that the vulnerabilities in both SS7 and Diameter can be alleviated with the strategic use of filters, firewalls, and other security protocols.
It was in 2014 when Nohl first demoed the security flaws of SS7. Since then, the GSM Association, which consists of more than 800 wireless carrier members across the globe, has proceeded to release multiple alerts regarding SS7’s flaws, plus various ways in which these vulnerabilities can be addressed.
One thing is certain about SS7 though -- something needs to be done now. And it is not just the FCC and Nohl trying to call attention to SS7’s flaws. US Representative Lieu is also calling for the House Oversight Committee to also review the vulnerabilities present in the network. According to Lieu, intelligence agencies, including the US’ own National Security Agency, may be taking full advantage of SS7’s vulnerabilities for purposes of espionage. And criminals could be exploiting the flaws, too, and there’s no telling how far they will go with access like that.
