FCC studies SS7 security bugs after 60 Minutes report

Written by on April 21, 2016 in News with 0 Comments

Mobile marketing(Reuters) – The U.S. Federal Communications Commission said on Wednesday it is studying mobile carriers’ use of decades-old communications technology with known security bugs after “60 Minutes” reported it could be remotely exploited to spy on callers.

The CBS news program “60 Minutes” on Sunday showed German computer scientist Karsten Nohl remotely spy on a mobile phone used by U.S. Representative Ted Lieu.

The attack leveraged security bugs in a global telecommunications network known as Signaling System No. 7 or SS7, which is used to connect carriers to facilitate roaming, texting and other communications.

David Simpson, head of the FCC’s Public Safety Bureau, said in a statement that he had asked staff to review SS7, which he said had reached the end of its life, and the transition to more modern technologies.

“The ’60 Minutes’ report highlights the inherent risk encountered when an end-of-life technology is incrementally replaced by a new one,” he said.

Nohl said he expects SS7 will be used for another 10 to 15 years and that its replacement, Diameter, is vulnerable to similar attacks.

The bugs in both technologies can be mitigated with filters, firewalls and other security techniques, he said.

Lieu, a Silicon Valley Democrat, this week called for the House Oversight Committee to investigate the flaw. A committee spokesman said it is reviewing Lieu’s request.

Lieu said that U.S. intelligence agencies such as the National Security Agency may be exploiting the flaw for spying.

Nohl said he eavesdropped on Lieu’s device by sending SS7 messages prompting the carrier to grant him access to Lieu’s devices.

John Marinho, vice president with the Washington-based mobile industry group CTIA, said that Nohl was given “extraordinary access” to a German carrier’s network.

“That is the equivalent of giving a thief the keys to your house,” she said. “That is not representative of how U.S. wireless operators secure and protect their networks.”

Nohl said malicious attackers could obtain similar results by hacking into a carrier’s network, or paying somebody to do so.

“Somebody gave me the keys to their house in Germany. From there, I could take a taxi, a flight, another taxi, and find that the door at AT&T’s headquarter is wide open,” he said.

The London-based GSMA, whose members include over 800 global carriers, said it has issued multiple alerts on SS7 vulnerabilities and ways to fix them since late 2014, when Nohl first publicized the vulnerability.

(Reporting by Dustin Volz; Editing by Alan Crosby)

Tags: , , ,

About the Author

About the Author: Thomson Reuters is the world's largest international multimedia news agency, providing investing news, world news, business news, technology news, headline news, small business news, news alerts, personal finance, stock market, and mutual funds information available on Reuters.com, video, mobile, and interactive television platforms. .

Subscribe

If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top
%d bloggers like this: