The United States Department of Homeland Security was recently questioned by Oregon Senator Ron Wyden and California Representative Ted Lieu, regarding a mobile network vulnerability that was considered to be a systemic digital threat by the two. Referring to the Signaling System 7 (SS7), the two questioned the DHS about the measures it had taken to raise public awareness regarding the threat.
SS7 is actually a global telecommunications protocol that allows phone networks to facilitate calls and texts between users. It shot to prominence a couple of years earlier, after researchers showed how hackers could use the protocol to get into a device’s call forwarding function. This allowed them to redirect calls to themselves before forwarding them to the receiver.
Vulnerabilities in the protocol could also be used to collect all the nearby calls and messages using an antennae. They could also obtain temporary encryption keys from a wireless carrier, and then use the same to decrypt all the calls and messages collected by them.
End to end encryption is a solution which has proved itself to be resilient to the exploitation of the SS7 protocol. But lets face it, most of us heard about end to end after WhatsApp first implemented it. So there is really a slim chance that the target would be taking such precautions. It is rather strange that the government hasn’t taken active steps to acquaint the public with the danger to their privacy.
Many privacy advocates have argued that this strange lapse on the government’s part is because of the fact that it itself is busy exploiting it. The letter from Wyden and Lieu seeks to look into the matter and has asked the DHS to clarify the steps it had taken to inform US citizens of the threat.
As per the letter:
We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones. We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance.