Two of the most technically literate US politicians want to know why America's Homeland Security is dragging its feet over SS7 security flaws in our mobile phone networks.
The Signaling System 7 protocol is used to, among other things, interconnect cellphone networks. It was developed in the 1980s and has virtually no security defenses built in. Exploiting its design weaknesses to obtain a victim's location, harvest their messages, and listen in on calls was demonstrated in 2014 – although, like similar attacks, it requires access to a telco's internal infrastructure.
That raises the barrier of entry for attackers, but not high enough to shut out state-level spies, determined miscreants with similar resources, or corrupt insiders. It essentially means, for example, a carrier in Africa or the Middle East could compromise networks in Europe and America, and vice-versa.
Last year, a security firm successfully demonstrated how SS7 could be manipulated using a low-cost Linux-based computer and a publicly available SDK – although, again, you need to be inside the telecoms infrastructure to do this [white paper PDF p5].
On Wednesday, Senator Ron Wyden (D-OR) and Representative Ted Lieu (D-CA) sent an open letter [PDF] to Homeland Security Secretary John Kelly asking for an update on its progress in addressing the SS7 design shortcomings. It also asks why the agency isn't doing more to alert the public about the issue.
"We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones," the letter states. "We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance."
One good reason not to put the frighteners on the public is because there's not much people can do about it. This is a network-level problem, and it doesn't matter if you're running a super-hardened phone or a cheap Chinese knockoff – they are equally vulnerable. There have been no mass hacks using SS7 reported, so it's not as though script kiddies are running around listening to strangers' calls and stealing two-factor authentication tokens.
And, you know, maybe America's intelligence services like the idea of, for them, easily compromised networks.
Meanwhile, cell network operators complain that fixing SS7 is a very difficult and expensive process but they are working on it. Some have suggested that the reason SS7 is still around is because the intelligence community loves it and wants to keep the surveillance opportunities it affords.
Speaking of spying
Senator Wyden also took to the floor of the US Senate today to ask why he's still waiting to find out how many Americans have been caught up in the surveillance dragnet being run by the NSA, six years after he first asked for the information.
The issue is with the use of Section 702 of America's Foreign Intelligence Surveillance Act (FISA), which is up for renewal at the end of the year. Section 702 allows the security services to monitor any non-US citizen's communications in the US national interest, but Wyden is concerned at how many Americans are being spied on under the auspices of the legislation.
"Congress and the American people deserve a fully informed debate about this reauthorization. And we can't have that debate unless we know the impact of Section 702 on the privacy and constitutional rights of Americans," Wyden said.
"So the key question is, and has always been: how many law-abiding Americans are having their communications swept in all that collection? Without even an estimate of that number, there is no way to judge what Section 702 means for the civil liberties of Americans."
Wyden and other senators first asked for this information back in 2011, then again in 2012 and 2014, but have heard nothing back. Based on past experience, he shouldn't hold his breath expecting a response from the new political administration. ®