The security of mobile networks in the United States has been questioned in recent weeks, following a warning from the Department of Homeland Security. In a letter, the Department stated that sinister parties may have exploited global cellular networks with the purpose of targeting the communications of American citizens. Democratic Senator Ron Wyden sent a letter to Ajit Pai, chairman of the FCC (Federal Communications Commission), which is the organization in charge of regulating communications across the states. In the letter, Wyden states that hackers are able to exploit SS7 flaws to track American citizens and get access to their calls and texts. They can also steal victims' financial details and find out whether they are at home.
In addition, multiple media outlets reported that devices intended to spy on SS7 are widely available and can be obtained by criminals and foreign governments. The letter also mentions that malicious attacks have already taken place, as criminals have taken advantage of the weaknesses of SS7. In fact, according to the letter sent by Senator Wyden to the FCC, a leading wireless carrier reported SS7 data breaches to law enforcement, in which customer data was accessed. However, the name of the carrier was not revealed and there was no additional information regarding the severity of the breach. At this time, it is not known whether the warning relates to state-sponsored organizations acting for political gain or to criminals seeking money.
SS7 stands for Signaling System No. 7, a set of telephony signaling protocols that provide the infrastructure for all mobile communications around the world. It ensures that phone networks can establish communication among themselves to connect users and send messages between networks. It also helps to avoid billing mistakes and lets users roam on other networks. SS7 dates back to the 1970s, and when it was initially developed, no security measures were implemented. It has been considered insecure since the late 2000s, and in recent years things have only gotten worse. While at the beginning there were only a few mobile networks, nowadays there are thousands around the world, and still no security was put in place because it was believed that the risks were not real.
However, in 2014, the security weaknesses in SS7 allowed hackers to record a phone conversation between Geoffrey Pyatt, the US ambassador to Ukraine, and Victoria Nuland, the US Assistant Secretary of State. This exposed the vulnerabilities, although many still believed that communications would remain secure if an encrypted messaging app like WhatsApp, Viber or even Facebook Messenger was used. The reality is that hackers who have access to the SS7 network can take over users' identities and set up fake accounts, which gives them access to the messages of people who use messaging apps that require phone numbers to authenticate users. This was demonstrated in 2016 by security researchers. Last year, O2 Telefónica in Germany confirmed that the SS7 network was used by criminals to get around SMS-based two-factor authentication (2FA) to steal money from bank accounts.
What to do?
In his letter to the FCC, Senator Wyden asked that the watchdog body address the issue accordingly and that it prepare a list of SS7 breaches that have taken place in the last 5 years. However, this is not the first time that a US senator has called for a deeper look into the vulnerabilities and issues related to SS7. In 2016, Senator Ted Lieu asked the FCC to investigate the vulnerabilities of SS7. The problem is that although there was indeed an investigation, the group in charge mainly included telecoms industry lobbyists and there were no academic experts involved.
Initially, the concerns about SS7 were focused on how easy it is for mobile users to be tracked by anyone who can access the network. However, things have changed, and lately what has caused alarm is the fact that it can be used to get access to a great deal of personal information from pretty much every mobile phone user in the world. As previously mentioned, it has been reported that it can also be used to intercept encrypted communications and to bypass 2FA security. It has also been reported that the US police are able to find the location of any phone in the country with the help of SS7. The worst part is that this data can be easily accessed by hackers as well.
There are also many security companies that sell products that enable SS7 hacking. These products can be bought by government organizations, but also by criminals. The problem is that while the US government is aware of the issues with SS7 and its potential to be used by foreign governments to spy on the US, it doesn't want to address the security issues. This is probably because it relies on the vulnerabilities of SS7 to carry out its mass-surveillance programs.