CTIA Weighs In On SS7 Hack, US Carriers Silent

A report from CBS' 60 Minutes over the weekend highlighted a disturbing vulnerability in modern cellular communications, specifically the SS7 protocol used for voice, text and billing, that could apparently give out a great deal of user information with the only requirement being for the hacker to have the phone number of their intended target. Demonstrated originally by German security research Karsten Nohl, the hack was brought to public attention when CBS gave U.S. Congressman Ted Lieu of California an iPhone that would serve as a target. Nohl and his team were able to gather info such as who Lieu contacted, the content of SMS messages and the locations of everybody involved. Over a year after the hack was originally reported, it had yet to be patched. Some say this is due to international intelligence agencies using the hack themselves and not wanting it patched up.

While U.S. carriers did not want to discuss the matter when our source, Fierce Wireless, asked them for comment, there was one agency who was glad to address the hack. The Cellular Telephone Industries Association, or CTIA, dismissed the demonstration of the hack, saying that the demonstration given required "extraordinary access" to some of the German networks used and would not reflect the current state of mobile network security in the U.S., despite the test target for the demonstration being on U.S. soil. Instead, they maintained that the security hole was null and void in the United States. It should be noted that the iPhone that Congressman Lieu was given was not under end to end encryption, or any more encryption than most users have on an every day basis.

Congressman Lieu, on the other hand, has made a motion to open up a congressional investigation into the vulnerability, how secure American airwaves are and how the hole can be patched up. According to Lieu, the possible applications for a hack of this nature are vast and it should be a priority to address the vulnerability. He wants it looked into by the House Oversight and Government Reform Committee, which he happens to be a member of. Given that this vulnerability was made very public and went mostly unaddressed, as well as the fact that there are whispers that the vulnerability may be a government tool of sorts, nobody can really guess whether the investigation will get off the ground.

Copyright ©2019 Android Headlines. All Rights Reserved
This post may contain affiliate links. See our privacy policy for more information.
You May Like These
More Like This:
About the Author
2018/10/Daniel-Fuller-2018.jpg

Daniel Fuller

Senior Staff Writer
Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, AI technology development, and hot gaming news in the Android world. Contact him at [email protected]