On Wednesday, the Federal Communications Commission (FCC) announced it would investigate use by cellular carriers use of legacy mobile phone technology vulnerable to attack.
The global mobile network known as Signaling System No. 7 or SS7 is known to be vulnerable to remote attacks that allow others to eavesdrop on phone calls anywhere in the world. The attacks have been made popular by German researcher Karsten Nohl, who previously enumerated all the encryption keys for 2G mobile phones. In a broadcast on last Sunday’s “60 Minutes,” Nohl demonstrated how he could gain access to and listen in on calls made by a member of the U.S. Congress.
Prior to the taping of the episode, California Congressman Ted Lieu gave permission for the hack.
“The ’60 Minutes’ report highlights the inherent risk encountered when an end-of-life technology is incrementally replaced by a new one,” David Simpson, head of the FCC’s Public Safety Bureau, said in a statement.
The technology behind SS7 was first developed in 1975. Simply put it is a low-level set of protocols that the phone networks use to exchange the information for passing calls and text messages between each other. Often this is related to billing. It can also allow an attacker to forward a call to another line, which is how an attacker could eavesdrop on an active call. With access to SS7, someone could also read SMS text messages and physically track the location of phone.
Nohl told the Reuters News Service that malicious attackers could obtain similar results by hacking into a carrier’s network, or paying somebody to do so. “Somebody gave me the keys to their house in Germany. From there, I could take a taxi, a flight, another taxi, and find that the door at AT&T’s headquarter is wide open,” he told the news service.
The FCC suggested it would explore end-of-life options for SS7, however, Nohl has said that its replacement, Diameter, has similar flaws.
While CBS did reach out to respected security professionals for its news segment on mobile phone hacking including Nohl, Adam Laurie, and John Herring, Charlie Miller on Twitter dismissed the reporter’s claim that all phones are hacked as “total FUD.”