Congressional leaders are continuing to pressure federal agencies to address shortcomings in the security of the telecommunications infrastructure, specifically to warn consumers about weaknesses that can open them up to remote surveillance.
In a letter sent Tuesday, Rep. Ted Lieu and Sen. Ron Wyden asked FCC Chairman Ajit Pai to take “swift action” to resolve problems with the SS7 system that is used for communications among carriers. Security researchers have warned about serious weaknesses in the system for several years, including a vulnerability that allows anyone with access to the system to monitor the activities of users with just their phone numbers.
“The continued existence of these vulnerabilities – and the industry’s lax approach to cybersecurity – does not just impact the liberty of Americans, it also poses a serious threat to our national and economic security. As such, the FCC must take swift action to address fundamental security threats to our mobile phones, which are no less dangerous than those cybersecurity threats that receive far more attention from other government agencies,” the letter says.
Lieu (D-Calif.) and Wyden (D-Ore.) both have been pushing the federal government to look at the SS7 issue for some time. Last year Lieu asked Congress to investigate the problem, and just last week he and Wyden sent a separate letter to the secretary of Homeland Security asking the secretary to lay out the actions that DHS has taken to fix the problem. The SS7 system is a collection of protocols that no individual organization is responsible for, so fixing the vulnerabilities is not an easy task. In their letter to Pai, Lieu and Wyden say that it’s time for the FCC to step in and address the situation, as the carriers have not done so on their own. The FCC’s Communications Security, Reliability and Interoperability Council released a report earlier this month on the issue, which Lieu and Wyden cite as a good starting point.
“It is clear that industry self-regulation is not working when it comes to telecommunications cybersecurity. We urge you to take swift action in this area in three ways. First, by forcing the cellular industry to address these serious cybersecurity vulnerabilities. Second, by warning the American public that their movements, communications, and devices may be vulnerable to foreign governments and hackers. And third, by promoting the use of end-to-end encryption apps, which, as the CSRIC working group stated, can be used to mitigate some of the SS7 risks,” the letter says.