Walking free

Privacy hawks in Congress call on Homeland Security to warn Americans of SS7 hacking threat
Mar 15, 2017
Ron WydenDepartment of Homeland SecuritySignaling System 7SS7

Oregon Senator Ron Wyden and California Representative Ted Lieu are pressing the Department of Homeland Security (DHS) on a mobile network vulnerability that they consider to be a systemic digital threat. In a new joint letter, the two members of Congress questioned DHS Secretary John Kelly about flaws inherent in Signaling System 7 (SS7), a global telecommunications protocol that allows phone networks to route calls and texts between users.

In a study publicized during a 2014 security conference in Hamburg, researchers demonstrated how hackers could insert themselves into a device’s call-forwarding function, redirecting calls, and any private information discussed therein, to themselves before bouncing them back to the receiver. In another SS7 technique, hackers could collect nearby texts and calls using a dedicated antenna, going so far as to obtain temporary encryption keys from a wireless carrier, which would later be used to decrypt the content of the correspondence. According to the researchers, end-to-end encryption — widely considered to be the most robust mobile precaution a user can take — could withstand such an attack, but the vast majority of users do not employ such measures.

Some digital privacy advocates suggest that there is little focus on the vulnerability of SS7 because governments are actively exploiting it in their own spying efforts. For example, SS7 tracking systems pair well with IMSI catchers (more commonly called “Stingrays“) used by some U.S. law enforcement agencies, zeroing in on a target’s general location in order to intercept their communications.

Another problem is that because so many wireless providers around the world use the protocol to connect devices on other mobile networks, the system is insecure by design. “SS7 is inherently insecure, and it was never designed to be secure,” GSMA security director James Moran told The Washington Post in a 2014 story about the threat posed by SS7. “It is possible, with access to SS7, to trigger a request for a record from a network.”

In Wednesday’s letter, Wyden and Lieu demanded to know what steps DHS had taken to inform the public about the threat, how the agency plans to protect the private sector, as well as U.S. government officials and the extent to which foreign adversaries may be leveraging SS7-enabled surveillance on U.S. citizens.

“We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones,” the letters reads. “We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance.”

Sen. Wyden, a senior member of the Senate Intelligence Committee, has been one of the government’s most vocal advocates in the dig