Cybersecurity

CISA official warns US telecom networks are vulnerable to spying

Two foundational internetworking protocols have flaws that may expose US consumers to tracking and data interception, according to the official.
article cover

Francis Scialabba

· 3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

A CISA official issued a “highly unusual” filing warning that US telecommunications networks are far more vulnerable to location tracking exploits than they have acknowledged, according to 404 Media.

The CISA official in question wrote in a public filing with the Federal Communications Commission (FCC) that malicious parties are exploiting holes in internetworking protocols used to communicate between telecoms—Signaling System No. 7 (SS7) and Diameter—to track people in the US and intercept calls and texts, 404 Media reported. The filing detailed a number of such attacks, warning they may be “just the tip of the proverbial iceberg,” and that “numerous incidents” have already occurred.

SS7 and Diameter, which date to the 1970s and 1990s respectively, are foundational technologies that enable interconnection between fixed and mobile service providers—but which the Department of Homeland Security warned in 2018 could be vulnerable to “nefarious actors.” In 2017, European telecom O2-Telefonica confirmed SS7 exploits were behind a successful scheme by hackers to drain German bank accounts.

The FCC issued a request for public comment on SS7 and Diameter after Senator Ron Wyden (D-OR) petitioned the White House to investigate “grave threats” posed by flaws in the protocols earlier this year. 404 Media identified the CISA official, who filed the document in response to the request, as Senior Advisor for Telecommunications Kevin Briggs.

CISA didn’t respond to a request for comment from IT Brew by the time of publication, although the agency told 404 Media Briggs wasn’t acting in an official capacity when he filed the comment.

Briggs wrote in the filing that he’d seen “reliable information” that US telecoms have leased global titles—addresses used to route messages which can be abused for tracking purposes—to entities outside the US. He also said SS7 and Diameter exploits may extend beyond location tracking to include not just monitoring of voice and text messages, but “delivery of spyware to targeted devices” and “influencing of US voters by overseas countries using text messages.”

“Much more could be said, but this ends my public comments,” Briggs added.

The CTIA, a telecommunications lobbying group representing AT&T, T-Mobile, and Verizon, among others, stated in its own response to the FCC that “CTIA members AT&T, T-Mobile, UScellular, and Verizon report that they have not detected such incidents on their networks with SS7 and Diameter since 2018.”

The CTIA also wrote that due to technology upgrades, US telecoms are not reporting “the types of SS7 attacks that are still occurring in other regions.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.