It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
SS7 weakness, leak of phone numbers could let hackers spy on "half of Congress."
A documented weakness in Signaling System 7 has been shown to allow widespread interception of phone calls and text messages (SS7 is the public switched telephone network signaling protocol used to set up and route phone calls; it also allows for things like phone number portability). This weakness in SS7 can even undermine the security of encrypted messaging systems such as WhatsApp and Telegram.
In an April segment of 60 Minutes, Democratic Congressman Ted Lieu of California allowed hackers to demonstrate how they could listen in on his calls. In light of the mass leak of congressional staffers' contact information by hackers, Congressman Lieu is now urging the Federal Communications Commission to take action quickly to fix the problem with SS7. The hackers are purportedly tied to Russian intelligence.
"In light of the recent cyber hack at the [Democratic Congressional Campaign Committee] that released cell phone numbers of all Democratic Members of Congress—reportedly conducted by the Russian Government—our foreign adversaries can now acquire cell phone voice and text data of over 180 Congress members with impunity," Lieu wrote in a letter dated August 22. "This problem is particularly acute given reports that Russia is trying to influence elections in America."
Signaling in telephony is the exchange of control information associated with the setup and release of a telephone call on a telecommunications circuit. Examples of control information are the digits dialed by the caller and the caller's billing number.
When signaling is performed on the same circuit as the conversation of the call, it is termed channel-associated signaling (CAS). This is the case for earlier analogue trunks, multi-frequency (MF) and R2 digital trunks, and DSS1/DASS PBX trunks.
In contrast, SS7 uses common channel signaling, in which the path and facility used by the signaling is separate and distinct from the telecommunications channels that carry the telephone conversation. With CCS, it becomes possible to exchange signaling without first seizing a voice channel, leading to significant savings and performance increases in both signaling and channel usage.
Several SS7 vulnerabilities that allow cell phone users to be secretly tracked were publicized in 2008. In 2014, the media reported a protocol vulnerability of SS7 by which both government agencies and non-state actors can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%.
In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded. Karsten Nohl (de) created a tool (SnoopSnitch) which can warn when certain SS7 attacks occur against a phone and detect IMSI-catchers