The US Federal Communications Commission says it is studying mobile carriers’ use of decades-old communications technology with known security bugs after American TV show 60 Minutes reported it could be remotely exploited to spy on callers.
The CBS news program on Sunday showed German computer scientist Karsten Nohl remotely spying on a mobile phone used by US Representative Ted Lieu.
The attack leveraged security bugs in a global telecommunications network known as Signalling System No. 7 or SS7, which is used to connect carriers to facilitate roaming, texting and other communications.
David Simpson, head of the FCC’s Public Safety Bureau, said in a statement on Wednesday that he had asked staff to review SS7, which he said had reached the end of its life, and the transition to more modern technologies.
“The 60 Minutes report highlights the inherent risk encountered when an end-of-life technology is incrementally replaced by a new one,” he said.
Nohl said he expects SS7 will be used for another 10 to 15 years and that its replacement, Diameter, is vulnerable to similar attacks.
The bugs in both technologies can be mitigated with filters, firewalls and other security techniques, he said.
Lieu, a Silicon Valley Democrat, this week called for the House oversight committee to investigate the flaw. A committee spokesman said it is reviewing Lieu’s request.
Lieu said US intelligence agencies such as the National Security Agency may be exploiting the flaw for spying.
Nohl said he eavesdropped on Lieu’s device by sending SS7 messages prompting the carrier to grant him access to Lieu’s devices.
John Marinho, vice president with the Washington-based mobile industry group CTIA, said that Nohl was given “extraordinary access” to a German carrier’s network.
“That is the equivalent of giving a thief the keys to your house,” he said. “That is not representative of how US wireless operators secure and protect their networks.”
Nohl said malicious attackers could obtain similar results by hacking into a carrier’s network, or paying somebody to do so.
“Somebody gave me the keys to their house in Germany. From there, I could take a taxi, a flight, another taxi, and find that the door at AT&T’s headquarters is wide open,” he said.
The London-based GSMA, whose members include over 800 global carriers, said it has issued multiple alerts on SS7 vulnerabilities and ways to fix them since late 2014, when Nohl first publicised the vulnerability.