Senator Ron Wyden [D-OR] has sent a letter to the DHS with his view that "nefarious actors may have exploited" the cellular phone system "to target the communications of American citizens."
He's referring to well-understood vulnerabilities in the ancient, creaking SS7 messaging system (previously), which allows anyone in the world who knows your cellular number to attack your phone, trying to get it to reveal your location and allow eavesdropping on your messages and voice-calls.
SS7 is known to be widely exploited by criminals; on at least one Tor hidden service marketplace, you can subscribe to cellular tracking tools for a few hundred dollars per month. Cyber-arms-dealers that service governments also routinely sell SS7 exploitation kits. The Israeli cyber-arms-dealer Ability advertises that its products can hack the phones of people in New York, Los Angeles or Massachusetts (Ability says it sells spy agencies from 50 states around the world).
Spy agencies — including US spy agencies — are well-understood to be fond of exploiting SS7 to attack their targets (this may explain the US's tardiness to fix its SS7 network — the NSA has repeatedly shown that it views leaving Americans vulnerable as an acceptable price to pay for retaining the capacity to attack its adversaries).
In March 2017, the DHS finally issued guidance to mobile carriers about defending their networks against SS& exploitation using firewalls, and while the carriers have generally complied, the countermeasures are imperfect and some experts estimate that "thousands" of SS7 attacks are carried out successfully every year.
The DHS stopped short of mandating external audits and reports on SS7 vulnerabilities for US carriers — something that other governments (like the UK's) require.
The DHS report recommended that carriers adopt new protections. An FCC group, the Communications Security, Reliability and Interoperabilty Council, issued recommendations for improving SS7 security in March 2017 that U.S. carriers have largely adopted.
But Wyden and some other officials say the government must do more to protect American cellphone users by documenting SS7 breaches and commissioning independent testing of the vulnerabilities in national cellular networks — a step that Britain and some other nations have taken.
"The FCC has been studying SS7 vulnerabilities for nearly two years. Enough," said FCC Commissioner Jessica Rosenworcel, a Democrat. "It's time for the agency to get serious and come up with a real plan to make sure that our networks are safe and secure."
How spies can use your cellphone to find you – and eavesdrop on your calls and texts too [Craig Timberg/Washington Post]
(via Naked Capitalism)