60 Minutes feature sparks Congress investigation

Apr 18, 2016 22:00 GMT

A 60 Minutes feature on the security flaws found in the Signalling System No. 7 (SS7) telephony signaling protocol has sparked a Congress investigation after US Representative Ted Lieu didn't like being spied on for CBS' experiment.

CBS reporter Sharyn Alfonsi and Karsten Nohl, a German computer hacker and member of the Chaos Computer Club, carried out an experiment that showed how easy it is to exploit design flaws in the SS7 telephony signaling protocol to track users anywhere on the planet, and even eavesdrop on their conversations.

To prove their point and make an impact, Mrs. Alfonsi recruited US Representative Ted Lieu and convinced him to use a brand new iPhone when talking to his staff.

Knowing only Mr. Lieu's phone numbers, Mr. Nohl and his team of experts from Security Research Labs were able to pinpoint his location whenever he carried the handset, and also to record all the conversations he had with his employees.

Following the airing of the 60 Minutes piece last Sunday, Mr. Lieu called on Monday for a full investigation into the widespread SS7 security flaws affecting US mobile networks and also international telephony systems.

Researchers have known about SS7 flaws since 2014

SS7 is the global telecommunications backbone on which mobile networks sit. It is responsible for translating phone numbers from one network to another, routing the actual voice calls and text messages, handling billing information, and relaying metadata.

Because of its central role, if a vulnerability exists (and one has been known since late 2014), attackers could gain access to any mobile network's backend and track everything and anything about a mobile operator's clients.

While SS7 implementations differ slightly from country to country, the system is largely universal, and Mr. Nohl claims that these types of attack should work, at least in theory, anywhere in the world.

Below are Tobias Engel and Karsten Nohl himself, presenting some of SS7's security flaws at the 31st Chaos Communication Congress held at the start of 2015.