You are using an outdated browser. Please upgrade your browser to improve your experience.

Rep. Ted Lieu calls on Congress to investigate SS7 exploit

April 18, 2016

In an earlier report, we informed you of a security flaw in cellular carrier technology that could leave any mobile phone, regardless of its manufacturer, wide open to snooping and tracking by hackers. United States Rep. Ted Lieu, D-California, is wasting no time in exploring how dangerous this vulnerability truly is. The California congressman has issued a letter calling for the House Oversight and Government Reform Committee to “examine the full scope and implications of the [Signaling System 7 (SS7)] security flaw.”

It’s pretty clear that if [Nohl] can do it, that other foreign entities can do it, too.

- Rep. Ted Lieu

While CTIA – The Wireless Association claims that United States cellular providers aren’t subject to this exploit, Lieu hinted to AppAdvice that he isn’t so sure. “It’s pretty clear that if [Nohl] can do it, that other foreign entities can do it, too,” the congressman stated.

Lieu points out in his letter, addressed to chairman of the House Oversight and Government Reform Committee U.S. Rep. Jason Chaffetz, R-Utah, and ranking member Rep. Elijah Cummings, D-Maryland, that the vulnerability in the SS7 protocols would allow hackers to “easily intercept and record communications en route to their destination unbeknownst to the users.” The letter goes on to state:

The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S. government officials.

- Rep. Ted Lieu

Rep. Lieu told AppAdvice that the danger of this vulnerability could be quite real. “There are all sorts of ways that this could have a very detrimental effect on our daily lives,” he asserted. “On this SS7 flaw, there is no reasonable conclusion for allowing this flaw to exist,” Lieu pointed out.

My view is that the entire federal government as well as the private sector is not well-equipped to act on technology security issues. We need to have a culture change where everyone takes cybersecurity much more seriously.

- Rep. Ted Lieu

Ideally, Lieu told AppAdvice, the House Oversight Committee, along with other such bodies, would investigate the SS7 flaw and come up with ways to fix it. The congressman believes that what will be required to truly remedy the myriad of cybersecurity flaws won’t be just a single action of a House committee, but “a culture change where everyone takes cybersecurity much more seriously.”