Legislators recently encouraged the FCC to investigate vulnerabilities in the SS7 protocol for wireless communications....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
What is SS7, and what are the issues with it?
Signaling System 7, or SS7, connects your calls from one cell tower to another as you travel.
Your phone number is all the hackers need to record conversations and messages between you and a business partner or a legislator. If you use your phone's map to help you reach your destination, the hackers can track your movements from one place to another. Phone numbers are available on social media or can be collected through airwaves via radio antennas.
There are no rules mandating that the Federal Communications Commission (FCC) address flaws in wireless communication systems.
The SS7 protocol lets you make calls outside of your home service -- within or outside the United States' borders. Unknown to many cellphone users, vulnerabilities lurk in the SS7 protocol. Hackers can send commands to SS7 to hijack's a cellphone's forwarding function and redirect calls to themselves for listening or recording. These calls are then quickly forwarded to the intended recipient of your call. Using malicious tools, hackers can also intercept your emails and get the cellphone's camera to spy on you.
Recognizing major flaws in cellular networks in the United States, Sen. Ron Wyden (D-Ore.) and Rep. Ted Lieu (D-Calif.) together wrote a letter to FCC head Ajit Pai on known security issues in modern communications, including the SS7 protocol. They asked the FCC to force cellular companies to address these vulnerabilities, warn the American people on ways foreign governments can hack their mobile data and promote the use of end-to-end encryption apps.
However, the chairman responded that cybersecurity is not the FCC's problem. Sen. Wyden has been persistent on mandating cybersecurity practices to protect Senate email and digital networks.
To make matters more urgent, hackers recently used this vulnerability in the SS7 protocol to hack into the accounts of banking customers in Germany.
It's unclear what action the federal government will take regarding SS7.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Learn about the different wireless security protocols
Read about the transformation of wireless network security
Find out if eavesdropping over the SS7 protocol can be prevented
Dig Deeper on Mobile security threats and prevention
Related Q&A from Judith Myerson
NIST recently issued guidance on mitigating the security risks of application containers. Expert Judith Myerson outlines some of the risks and fixes ...continue reading
BrickerBot is similar to other IoT malware like Mirai, Hajime and others. Expert Judith Myerson explains what makes BrickerBot different, and what ...continue reading
A wave of Jenkins vulnerabilities related to plug-ins were recently discovered. Expert Judith Myerson explains the flaws and how enterprises should ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.