A Major Wireless Network Flaw Is Still Being Exploited To Track User Locations

from the fix-your-shit dept

In 2017, hackers and security researchers highlighted long-standing vulnerabilities in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols first built in 1975 to help connect phone carriers around the world. While the problem isn’t new, a 2016 60 Minutes report brought wider attention to the fact that the flaw can allow a hacker to track user location, dodge encryption, and even record private conversations. All while the intrusion looks like ordinary carrier to carrier chatter among a sea of other, “privileged peering relationships.”

Telecom carriers and lobbyists have routinely downplayed the flaw and their multi-year failure to do much about it. In 2018, the CBC noted how Canadian wireless providers Bell and Rogers weren’t even willing to talk about the flaw after the news outlet published an investigation showing how (using only a mobile phone number) it was possible to intercept the calls and movements of Quebec NDP MP Matthew Dubé.

Now there’s yet another wake up call: a new report from the Guardian indicates that Rayzone, an Israeli corporate spy agency that provides its government clients with “geolocation tools,” has been exploiting the flaw for some time to provide clients access to user location information and, potentially, the contents of communications. Apparently, the company first leased an access point in the network of Sure Guernsey, a mobile operator in the Channel Islands. From there, it appears to have exploited the SS7 flaw to track users in numerous additional countries:

“Industry sources with access to sensitive communications data say there is recent evidence of a steady stream of apparently suspicious signaling messages directed via the Channel Islands to phone networks worldwide, with hundreds of messages routed via Sure Guernsey and another operator, Jersey Airtel, to phone networks in North America, Europe and Africa in August.”

Of course, as with other past reveals of this type (like when Saudi Arabia was also found to be doing something similar to track targets inside the U.S.), the companies involved either insist they know nothing about such exploitation, or that they’re vaguely aware of it, and have done everything possible to prohibit it from happening. Though one reason many telcos may not have been particularly keen on cracking down on the practice is that numerous western governments very likely exploit the SS7 flaw as well.

Senator Ron Wyden demanded answers as early as 2017 from mobile phone companies as to why they haven’t done more to thwart the practice, and, last I checked, is still awaiting a response. For smaller carriers it can also be expensive and complicated to remedy the problem, which makes them even easier targets for exploitation. Experts say the U.S. FCC, as you might expect, hasn’t done much of anything to coordinate a response to the threat:

Instead, as the SolarWinds supply chain hack illustrates, America under Trump spent countless calories hyperventilating over nonsense like TikTok instead of focusing on the vast number of very real cybersecurity threats that actually pose a risk to international consumer, government, and business privacy.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team

Filed Under: geolocation, location data, privacy, ss7, surveillance