Congressman to FCC: Fix phone network flaw that allows eavesdropping

SS7 weakness, leak of phone numbers could let hackers spy on "half of Congress."

A documented weakness in Signaling System 7 has been shown to allow widespread interception of phone calls and text messages (SS7 is the public switched telephone network signaling protocol used to set up and route phone calls; it also allows for things like phone number portability). This weakness in SS7 can even undermine the security of encrypted messaging systems such as WhatsApp and Telegram.

In an April segment of 60 Minutes, Democratic Congressman Ted Lieu of California allowed hackers to demonstrate how they could listen in on his calls. In light of the mass leak of congressional staffers' contact information by hackers, Congressman Lieu is now urging the Federal Communications Commission to take action quickly to fix the problem with SS7. The hackers are purportedly tied to Russian intelligence.
...
"In light of the recent cyber hack at the [Democratic Congressional Campaign Committee] that released cell phone numbers of all Democratic Members of Congress—reportedly conducted by the Russian Government—our foreign adversaries can now acquire cell phone voice and text data of over 180 Congress members with impunity," Lieu wrote in a letter dated August 22. "This problem is particularly acute given reports that Russia is trying to influence elections in America."

Link

Hmm. Now that Congress thinks their communications are at risk, they want something done. The government spying on it's citizens isn't a big deal though. And if it didn't affect them I doubt they would care. IMO, It does show they are well behind the curve in what goes on out in cyberland.

I suppose there is nothing like being touched by something to open the eyes.

a reply to: roadgravel

But that might undermine Fed.Gov's / TPTB's ability to monitor US. So then it'd come down a debate of whose the bigger threat to Them. I'm not so sure They wouldn't chose US, which might explain why it's still the way it is.

Should read like this. ...
Congress wants fcc to fix it so no one can listen to them and make it easier for them to listen in on the rest of the world.

Haha with an old c123, the right baluns, a steady hand for soldering the SMDs and some experience in scripting and programming, this was always possible.

With the right connections you´re even able to locate the SIM (get the cell location it´s registered currently).
Some providers secured it a bit, but it´s still possible to set up a custom basestation with the right knowledge. Man in the middle.

Signaling in telephony is the exchange of control information associated with the setup and release of a telephone call on a telecommunications circuit. Examples of control information are the digits dialed by the caller and the caller's billing number.

When signaling is performed on the same circuit as the conversation of the call, it is termed channel-associated signaling (CAS). This is the case for earlier analogue trunks, multi-frequency (MF) and R2 digital trunks, and DSS1/DASS PBX trunks.[citation needed]

In contrast, SS7 uses common channel signaling, in which the path and facility used by the signaling is separate and distinct from the telecommunications channels that carry the telephone conversation. With CCS, it becomes possible to exchange signaling without first seizing a voice channel, leading to significant savings and performance increases in both signaling and channel usage.
...
Several SS7 vulnerabilities that allow cell phone users to be secretly tracked were publicized in 2008. In 2014, the media reported a protocol vulnerability of SS7 by which both government agencies and non-state actors can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%.

In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded. Karsten Nohl (de) created a tool (SnoopSnitch) which can warn when certain SS7 attacks occur against a phone and detect IMSI-catchers

en.wikipedia.org...

a reply to: roadgravel
There is a big team around Mr. Nohl...
The world is very small.

Go look for a current thread about VR and smartphones.
There, I wrote something next to "A5".

Alright, you youngsters are starting to tax my old noggin.

Any signal that is transmitted is encrypted and/or uses spatial and/or frequency techniques to make the interception more difficult. It is after all, an algorithm/method that makes this possible (for the signal to be transmitted) and then be received by the authorized receiver and be decoded. By this virtue alone, a key exists for decoding (however improbable that may be to solve).

One of the most secure methods of transmission is what Andrew Lemke has described, coupled with one-time use cipher pads. Because there isn't a long enough sequence to decide patterns or a cipher to break per se, one-time bursty transmissions were/are next to impossible to break/eavesdrop.

And....... this is the next new com toy, but sooner or later it will be penetrated as well.

users.jyu.fi...

a reply to: flatbush71
nice google skills.
Here is the guy who wrote the text originally, that you posted as your own:
Faisal Khan, Banking, Payments & Fintech Consultant

I knew I´ve read this before somewhere. At least mark it as external, if you use others thoughts. Is see you are a new member. But it´s a common thing to quote a text that you have not written yourself. For that, you use either the quote tag, if you quote someone in the thread. Or if it´s from an external source, tag it as external and link to the page where you copied the text. That´s a big no-no on ATS, and the internet in general.

The method you posted is not useful for the current GSM specs.