PINDROP BLOG

FCC Wants Telecoms to Upgrade SS7 Security

The FCC is pushing telecom carriers and other providers to upgrade the security of their networks to address weaknesses in one of the key signaling protocols that underpins phone networks.

The commission has asked providers to implement a set of security best practices for the SS7 signaling protocol that’s been compiled by an FCC advisory committee. SS7 is one of the main protocols for telecom networks, and in the last few years security researchers have identified a number of vulnerabilities and problems with it. Some of the weaknesses can allow attackers to monitor subscribers’ physical locations, listen in to calls, and take other unwanted actions.

In a notice issued Thursday, the FCC encouraged telecom companies to abide by a set of recommendations made by the Communications Security, Reliability, and Interoperability Council, an advisory committee to the FCC.

“SS7 communications plays a critical role in U.S. commercial communications infrastructure. SS7 supports fixed and mobile service providers in processing and routing calls and text messages between networks, enabling fixed and mobile networks to connect, and providing call session information such as Caller ID and billing data for circuit switched infrastructure,” the notice says.

“Over the last several years, numerous research findings and media reports call attention to security vulnerabilities present within SS7 networks. Reports suggest that attackers target SS7 to obtain subscriber information, eavesdrop on subscriber traffic, conduct financial theft, and promulgate denial-of-service attacks (DoS).”

Among the recommendations in the document is that carriers conduct periodic assessments of the security of their SS7 infrastructure and that carriers share information about threats to their networks. The document also recommends that carriers encourage their subscribers to use encryption apps for their voice calls. The FCC’s notice is the latest in a series of indications about the government’s concern about SS7 security. In March, Rep. Ted Lieu and Sen. Ron Wyden sent a letter to the secretary of Homeland Security expressing worries about the problem.

“We are deeply concerned that the security of America’s telecommunications infrastructure is not getting the attention it deserves. Although there have been a few news stories about this topic, we suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones. We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance,” the letter says.