Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Friday June 01 2018, @04:35PM   Printer-friendly
from the museum-grade-tech dept.

Submitted via IRC for SoyCow8317

The US Department of Homeland Security recently warned that malicious hackers may have targeted US phone users by exploiting a four-decades-old networking protocol used by cell phone providers around the world, according to a spokesman for US Senator Ron Wyden (D-Ore.). Meanwhile, the spokesman said, one of the nation's major cellular carriers recently experienced a breach of that same protocol that exposed customer data.

[...] In a letter Sen. Wyden received last week, DHS officials warned that "nefarious actors may have exploited" SS7 to "target the communications of American citizens," Wyden spokesman Keith Chu told Ars, confirming an article published Wednesday by The Washington Post. On Tuesday, Wyden sent a letter to Federal Communications Commission Chairman Ajit Pai that heightened concerns of SS7 hacks on US infrastructure.

"This threat is not merely hypothetical—malicious attackers are already exploiting SS7 vulnerabilities," Wyden wrote. "One of the major wireless carriers informed my office that it reported an SS7 breach, in which customer data was accessed, to law enforcement through the government's Customer Proprietary Network Information (CPNI) Reporting Portal."

[...] Sen. Wyden's letter this week to the FCC chairman is a reminder that loopholes that allow all the carriers to share customer location data aren't the only threat facing cellphone users. In responses sent late last year to Wyden's questions about SS7 security, both Verizon and T-Mobile confirmed that they were still in the process of implementing firewalls that would filter malicious requests. AT&T, meanwhile, said it implemented such firewalls but didn't say when.

The senator accused the FCC of failing to adequately answer the threat posed by SS7, noting among other things that a working group the FCC convened in 2016 to address SS7 vulnerabilities was dominated by carrier insiders and comprised no academic experts.

Source: https://arstechnica.com/information-technology/2018/05/nefarious-actors-may-have-abused-routing-protocol-to-spy-on-us-phone-users/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Funny) by Anonymous Coward on Friday June 01 2018, @06:51PM

    by Anonymous Coward on Friday June 01 2018, @06:51PM (#687385)

    a working group the FCC convened in 2016 to address SS7 vulnerabilities was dominated by carrier insiders and comprised no academic experts.

    Pai promptly closed the ticket with a reason of "Not a bug; works as intended."

    Starting Score:    0  points
    Moderation   +2  
       Funny=2, Total=2
    Extra 'Funny' Modifier   0  

    Total Score:   2