With politicians worried about the rise in Russian (and other) hacking, Representative Ted Lieu has urged the FCC to accelerate its investigation into the SS7 wireless flaw that made headlines earlier this year. Last April 60 minutes featured a report on the flaw inherent in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols first built in 1975 to help connect phone carriers around the world.
In the report, 60 minutes gives a new iPhone to California Representative Ted Lieu, and then challenged a group of hackers to hack the device. The hackers were more than successful, showing they were not only able to track the Representative’s location data, but record his conversations.
The flaw isn’t new; a group of German hackers revealed the vulnerability in late 2014. It’s believed that the intelligence community has known about the vulnerability even earlier, and the hackers note that nothing has been done to shore up the flaw since German hacker Karsten Nohl first demonstrated it.
And despite the heavy media coverage last April, the flaw still isn’t fixed. In a letter to the FCC (hat tip, Tom’s Hardware), Lieu urged the FCC to speed up its investigation and quickly release a detail of its findings to Congress.
“The SS7 problem is no longer a theoretical threat. We now have a mass release of cell phone numbers of Members of Congress likely caused by a Russian government that has full access to utilize the SS7 flaw,” wrote Congressman Lieu. “Because we don t know how long the hackers had access to this information, it is very possible nearly half of Congress has already had voice and text data intercepted.”
“I write to request that the Federal Communications Commission (FCC) expedite its investigation of the SS7 flaw and for the FCC to give an estimate of when the investigation will be completed,” he added. “I also write to ask the FCC provide me and other affected members of Congress with what it had learned so far about the SS7 flaw so that we can respond appropriately to the recent hack.”
Some have argued the SS7 issue isn’t a flaw; it was intentionally designed that way.