Another Report Highlights How Wireless SS7 Flaw Is Putting Everyone's Privacy At Risk
from the we'll-get-around-to-it dept
Last year, hackers and security researchers highlighted long-standing vulnerabilities in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols first built in 1975 to help connect phone carriers around the world. While the problem isn't new, a 2016 60 minutes report brought wider attention to the fact that the flaw can allow a hacker to track user location, dodge encryption, and even record private conversations. All while the intrusion looks like like ordinary carrier to carrier chatter among a sea of other, "privileged peering relationships."
Telecom lobbyists have routinely tried to downplay the flaw after carriers have failed to do enough to stop hackers from exploiting it. In Canada for example, the CBC recently noted how Bell and Rogers weren't even willing to talk about the flaw after the news outlet published an investigation showing how, using only the number of his mobile phone, it was possible to intercept the calls and movements of Quebec NDP MP Matthew Dubé.
Again the flaw isn't new; a group of German hackers revealed the vulnerability in 2008 and again in 2014. It's believed that the intelligence community has known about the vulnerability even earlier, and the hackers note that only modest headway has been made since German hacker Karsten Nohl first demonstrated it. But the flaw has gained renewed attention in recent weeks after Senator Ron Wyden sent a letter to the FCC (pdf) complaining that the agency isn't doing enough (read: anything) to address it:
"One year ago I urged you to address serious cybersecurity vulnerabilities in U.S. telephone networks. To date, your Federal Communications Commission has done nothing but sit on its hands, leaving every American with a mobile phone at risk."
Apparently, shoring up national security wasn't as big of a priority as gutting net neutrality or eliminating consumer privacy protections at Comcast and AT&T's behest. Wireless carriers have been downplaying the flaw, in part because of the cost of fixing it. But they also worry it will be used to justify more meaningful privacy protections here in the States. When the DHS published a 125 page report (pdf) detailing the scope of the problem, lobbyists for the industry called the problem "theoretical," and the report "unhelpful," calling the report's advocacy for regulatory and legislative solutions "alarming."
And while carriers have implemented some security standards to address the SS7 probem, at its core SS7 lacks a mechanism to ensure that carriers sending data requests are who they claim to be. And while some of the firewall solutions carriers have adopted can protect some of their own consumers, these fixes don't extend to users who may be roaming on their networks. By and large, a large chunk of the problem is that these companies don't want to spend the necessary time and money to engineer a real solution, especially if their intelligence partners are benefiting from it.
In a follow up report over at the Washington Post, the paper notes how the flaw at this point is far from theoretical, and is routinely exploited en masse by numerous intelligence agencies (including the United States):
"Wyden said the risks posed by SS7 surveillance go beyond privacy to affect national security. American, Chinese, Israeli and Russian intelligence agencies are the most active users of SS7 surveillance, experts say, and private-sector vendors have put systems within the reach of dozens of other governments worldwide. Sophisticated criminals and private providers of business intelligence also use the surveillance technology.
Other experts said SS7 surveillance techniques are widely used worldwide, especially in less developed regions where cellular networks are less sophisticated and may not have any protection against tracking and interception. But the experts agreed that Americans are significant targets, especially of rival governments eager to collect intelligence in the United States and other nations where Americans use their cellphones.
And again, that's a particular problem for a country whose President thinks basic phone security is too much of a hassle. For a country that's currently spending an ocean of calories trying to blacklist Chinese network vendors under breathless claims of national security, you'd think a massive problem with global privacy and security implications would get a little more attention.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: hacking, mobile carriers, privacy, ss7
Reader Comments
Subscribe: RSS
View by: Time | Thread
NSA and the like call that a feature, not a bug.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
That doesn't do much when the telcos are straight-up selling your location data, as we saw with LocationSmart a few weeks ago. At this point, any "fix" would be to protect a revenue source rather than customer privacy. This SS7 thing is effectively bypassing their paywall.
[ link to this | view in chronology ]
Firewalls
Just to be clear about what this is saying: the software is designed to respond to these queries from anyone. Rather than fixing the software, such as by requiring authentication or disabling these queries altogether, they'd be adding another layer of software on top to just block people from making those requests.
Such solutions are problematic for at least two reasons:
[ link to this | view in chronology ]
Could there be a surveillance reason for not fixing this?
[ link to this | view in chronology ]
Re: Could there be a surveillance reason for not fixing this?
[ link to this | view in chronology ]
Anyone?
[ link to this | view in chronology ]