U.S. Representative Ted W. Lieu, from the 33rd District of California, called on the FCC to expedite the investigation it started on the Signaling System Seven (SS7) earlier this this April. The call comes after recent reports of alleged Russian hacking of members of the U.S. Congress.
The reported hack exposed the phone numbers of 180 members of Congress, among other sensitive information. Due to the SS7 flaw, it should now be relatively easy, especially for state-sponsored attackers, to intercept all of the conversations and messages sent by those phone numbers.
The SS7 vulnerability has existed for decades. However, it’s only in the past few years that the issue has started to become more public. In April of this year, during an episode of 60 Minutes, researchers demonstrated how Rep. Ted Lieu’s phone could be intercepted through the SS7 flaw. That’s when Lieu called on the FCC and NSA to solve this major security issue that affects anyone with a cellphone.
Mere months after this, the hack on 180 members of Congress was reported, which now makes fixing the SS7 protocol more time-sensitive than ever. Rep. Lieu sent a new letter to the FCC, asking the agency to expedite its investigation into the issue.
The FCC has also been guilty of remaining silent on wireless network security issues, including the issue of weak text and voice encryption, and the issue of cell tower simulators being abused by the police and the FBI without warrants.
Rep. Ted Lieu is now calling the SS7 vulnerability, which affects everyone, including members of Congress, a “national security issue:”
“The SS7 problem is no longer a theoretical threat. We now have a mass release of cell phone numbers of Members of Congress likely caused by a Russian government that has full access to utilize the SS7 flaw,” wrote Congressman Lieu.“Because we don’t know how long the hackers had access to this information, it is very possible nearly half of Congress has already had voice and text data intercepted. I write to request that the Federal Communications Commission (FCC) expedite its investigation of the SS7 flaw and for the FCC to give an estimate of when the investigation will be completed. I also write to ask the FCC provide me and other affected members of Congress with what it had learned so far about the SS7 flaw so that we can respond appropriately to the recent hack,” he added.
With wireless carriers already preparing for deployment of 5G technology over the next few years, the FCC and other regulatory bodies could encourage them to fix the SS7 vulnerability, as well.