A Major Wireless Network Flaw Is Still Being Exploited To Track User Locations

By Karl Bode, Dec 23, 2020 | Original Techdirt article here.

In 2017, hackers and security researchers highlighted long-standing vulnerabilities in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols first built in 1975 to help connect phone carriers around the world. While the problem isn’t new, a 2016 60 Minutes report brought wider attention to the fact that the flaw can allow a hacker to track user location, dodge encryption, and even record private conversations, all while the intrusion looks like ordinary carrier-to-carrier chatter among a sea of other "privileged peering relationships."

Telecom carriers and lobbyists have routinely downplayed the flaw and their multi-year failure to do much about it. In 2018, the CBC noted how Canadian wireless providers Bell and Rogers weren’t even willing to talk about the flaw after the news outlet published an investigation showing how (using only a mobile phone number) it was possible to intercept the calls and movements of Quebec NDP MP Matthew Dubé.

Now there’s yet another wake-up call: a new report from the Guardian indicates that Rayzone, an Israeli corporate spy agency that provides its government clients with “geolocation tools,” has been exploiting the flaw for some time to provide clients access to user location information and, potentially, the contents of communications. Apparently, the company first leased an access point in the network of Sure Guernsey, a mobile operator in the Channel Islands. From there, it appears to have exploited the SS7 flaw to track users in numerous additional countries:

"Industry sources with access to sensitive communications data say there is recent evidence of a steady stream of apparently suspicious signaling messages directed via the Channel Islands to phone networks worldwide, with hundreds of messages routed via Sure Guernsey and another operator, Jersey Airtel, to phone networks in North America, Europe and Africa in August."

Of course, as with other past reveals of this type (like when Saudi Arabia was also found to be doing something similar to track targets inside the U.S.), the companies involved either insist they know nothing about such exploitation, or that they’re vaguely aware of it and have done everything possible to prohibit it from happening. Though one reason many telecoms may not have been particularly keen on cracking down on the practice is that numerous western governments very likely exploit the SS7 flaw as well.

Senator Ron Wyden demanded answers as early as 2017 from mobile phone companies as to why they haven’t done more to thwart the practice, and, last I checked, is still awaiting a response. For smaller carriers it can also be expensive and complicated to remedy the problem, which makes them even easier targets for exploitation. Experts say the U.S. FCC, as you might expect, hasn’t done much of anything to coordinate a response to the threat:

6/Things are especially broken in the US. Experts have made the problem clear, @DHSgov has laid out what needs to be done….but @FCC under @AjitPaiFCC has blocked serious policy fixes. https://t.co/OBj429LunO

— John Scott-Railton (@jsrailton) December 16, 2020

Instead, as the SolarWinds supply chain hack illustrates, America under Trump spent countless calories hyperventilating over nonsense like TikTok instead of focusing on the vast number of very real cybersecurity threats that actually pose a risk to international consumer, government, and business privacy.