PINDROP BLOG

Lieu Presses FCC to Speed Up Investigation Into SS7 Flaw

The FCC is four months into its investigation into security issues with the SS7 phone protocol, and a key member of Congress is pushing for the commission to speed up its work and also to brief lawmakers on what the probe has found so far.

In letter sent to FCC Chairman Thomas Wheeler earlier this week, Rep. Ted Lieu (D-Calif.) asked the FCC to “expedite its investigation” into the SS7 bug and to give Congress an estimate of when the process will be completed. Lieu also asked Wheeler to give Congress a complete briefing on where the investigation stands right now and what the commission has learned so far.

Lieu’s letter comes four months after security researcher Karsten Nohl demonstrated a method for exploiting a vulnerability in the SS7 (Signaling System 7) telecom protocol that allowed them to get access to text and data information on Lieu’s phone with just his phone number. The flaw has been well-known in the security and telecom industries for some time, and the root problem is that employees of telecoms around the world who can access subscriber information could exploit it easily.

“The SS7 problem is no longer a theoretical threat.”

In his letter, Lieu said that the recent compromises of the Democratic Congressional Campaign Committee and Republican Congressional Campaign Committee by suspected foreign attackers, which exposed the phone numbers of many members of Congress, could give hackers with knowledge of the SS7 flaw a perfect opportunity to attack legislators.

“The SS7 problem is no longer a theoretical threat. We now have a mass release of cell phone numbers of Members of Congress likely caused by a Russian government that has full access to utilize the SS7 flaw,” Lieu said in his letter.

“Because we don’t know how long the hackers had access to this information, it is very possible nearly half of Congress has already had voice and text data intercepted. Other enemy adversaries, such as North Korea and Iran, could also take this information and acquire the cell phone voice and text data of multiple Members of Congress. The ramifications of the SS7 flaw can be severe, both for our national security and the integrity of American elections.”

The FCC hasn’t said anything publicly about its investigation into SS7’s security issues, nor has it announced when it plans to conclude the process.

Webinar: Call Center Fraud Vectors & Fraudsters Defeated