With the Republican administration in Washington grappling with new disputes seemingly on a daily basis, two Democratic Congressmen, known to be technologically savvy and vocal about cybersecurity issues, are now demanding answers from the Department of Homeland Security (DHS) about why it’s dragging its feet over the reported Signaling System 7 (SS7) security flaws in the country’s mobile phone networks, potentially leaving millions vulnerable to the threat of cyber-attacks. Oregon Senator Ron Wyden and California Representative Ted Lieu have sent an open letter to the newly-appointed secretary of Homeland Security, Gen. John F. Kelly, asking him to reveal the steps taken by his department to address the vulnerabilities found in the SS7 protocol years ago.
SS7 was reportedly designed way back in the 1980s, and according to reports, is used primarily to interconnect cellphone networks. Having been designed that far back, experts argue that it falls way short of security standards expected in the 21st century. Just how inherently vulnerable the technology can be, was demonstrated back in 2014 when German researchers detailed their findings at the Chaos Communication Congress hacker conference in Hamburg. The vulnerability can apparently be used by sophisticated attackers with access to a carrier’s internal infrastructure to obtain a victim’s location, harvest their messages and eavesdrop on their calls. What it means is essence, is that a compromised carrier anywhere in the world could potentially become a security nightmare for all mobile users around the world.
With the controversy surrounding the hacking of the Democratic National Convention by alleged Russian spies and its subsequent electoral fallout refusing to go away, the focus on cybersecurity and state-sponsored cyber-attacks has become stronger and more glaring than ever before. Which is exactly why many cybersecurity experts are already praising the move by these two Democratic Congressmen for taking “measured, considered positions on highly technical and complex issues such as encryption and law enforcement hacking”. While these debates and discussions around the SS7 vulnerabilities are certainly welcome, some cybersecurity analysts seem to believe that governments around the world are unwilling to do much about this issue as it helps them keep an eye on private citizens. That being the case, it will be interesting to see how Gen. Kelly and his department responds to this letter from Sen. Wyden and Rep. Lieu.