The Federal Communications Commission is investigating the use of a decades-old cellular network that could expose data to hackers, the agency announced.
Related Story: http://www.washingtonexaminer.com/article/2588810
A Sunday report on the CBS program “60 Minutes” highlighted a vulnerability in the Signaling System 7 network, which is used by more than 800 telecom providers around the globe. Though they are switching to a more secure network known as “Diameter,” the transition is expected to take more than 10 years, and experts have said the network could be vulnerable to similar exploits.
The dynamic “highlights the inherent risk … when an end-of-life technology is incrementally replaced by a new one,” FCC Public Safety Bureau Chief David Simpson said in a statement late on Wednesday. He added that to protect consumer privacy, carriers should switch to more localized networks.
“The demonstration shown in the segment underscores the importance of vigilance by our nation’s communications providers as they phase out SS7 and transition to IP-based networks,” Simpson said.
The flaw was discovered by Karsten Nohl of the German-based Security Research Labs and was described by the Sunday report as an “open secret” among global intelligence agencies.
Speaking before House lawmakers this week, a Homeland Security official said the agency had reached out to telecom carriers about the issue upon learning of it in 2014, but concluded nothing could be done to fix it. “These are design vulnerabilities,” said Andy Ozment, the assistant secretary for cybersecurity at DHS. “As the system is designed, you cannot fix it, per se.”
Related Story: http://www.washingtonexaminer.com/article/2589056
Instead, Ozment said, carriers can only “monitor their networks for suspicious activity, and then block that suspicious activity.” For instance, a signal from a Chinese company seeking the location of an American lawmaker or intelligence official could set off red flags for a carrier.
Rep. Ted Lieu, D-Calif., pointed out at the same hearing that end-to-end encryption could be used to shield some data from surveillance resulting from the flaw. That could include text messages and telephone calls. However, it will not protect data held on the phone, nor will it prevent the transmission of GPS information.
