Top House Dem demands investigation into massive cellular network vulnerability

April 28, 2016
In The News


The Washington Examiner 

A leader in cybersecurity policy is calling on Congress to investigate a flaw that makes cellular devices worldwide vulnerable to surveillance by hackers and foreign intelligence agencies, according to a letter obtained by the Washington Examiner.

"A critical component of our global mobile communications system is the architecture of protocols that directs the content of our mobile communications to their intended destination," Rep. Ted Lieu, D-Calif., wrote in a Monday letter addressed to leaders on the House Oversight and Government Reform Committee. "The majority of telephone companies throughout the world use a set of telephony signaling protocols known as Signaling System Number 7," Lieu said. "According to numerous reports, researchers in Germany have discovered security flaws in SS7 that allow hackers to easily intercept and record communications en route to their destination unbeknownst to the users." 

"The applications of this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S. government officials," Lieu added. The flaw, which allows anyone able to hack the SS7 network to access any device connected to that network, could mean that intelligence services have nearly unrestricted surveillance capability.

"The vulnerability has serious ramifications not only for individual privacy, but also for American innovation, competitiveness and national security. Many innovations in digital security, such as multi-factor authentication using text messages, may be rendered useless." A report over the weekend suggested that while the vulnerability is an "open secret" to officials in the U.S. and elsewhere, it has gone unpatched due to its high value even to American intelligence agencies.

The subject is certain to figure prominently in a Wednesday hearing of the House Subcommittee on Information Technology, where Lieu, a Stanford-educated computer scientist, serves as the ranking Democrat. "I strongly believe that action by the House Oversight and Government Reform Committee is needed to examine the full scope and implications of the SS7 security flaw," Lieu wrote.