By B.N. Frank
Hackers can cause catastrophic problems no matter who or what is targeted – businesses (see 1, 2), hospitals (see 1, 2, 3), municipal governments, medical devices, personal devices (see 1, 2, 3, 4, 5, 6, 7), security systems and other “Smart” home devices (see 1, 2, 3), utility grids (see 1, 2, 3), and/or utility “Smart” Meters.
Wireless connections have always been more vulnerable to hackers than hard-wired connections. Unfortunately, one network flaw continues to NOT be fixed.
A Major Wireless Network Flaw Is Still Being Exploited To Track User Locations
In 2017, hackers and security researchers highlighted long-standing vulnerabilities in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols first built in 1975 to help connect phone carriers around the world. While the problem isn’t new, a 2016 60 Minutes report brought wider attention to the fact that the flaw can allow a hacker to track user location, dodge encryption, and even record private conversations. All while the intrusion looks like ordinary carrier to carrier chatter among a sea of other, “privileged peering relationships.”
Telecom carriers and lobbyists have routinely downplayed the flaw and their multi-year failure to do much about it. In 2018, the CBC noted how Canadian wireless providers Bell and Rogers weren’t even willing to talk about the flaw after the news outlet published an investigation showing how (using only a mobile phone number) it was possible to intercept the calls and movements of Quebec NDP MP Matthew Dubé.
Now there’s yet another wake up call: a new report from the Guardian indicates that Rayzone, an Israeli corporate spy agency that provides its government clients with “geolocation tools,” has been exploiting the flaw for some time to provide clients access to user location information and, potentially, the contents of communications. Apparently, the company first leased an access point in the network of Sure Guernsey, a mobile operator in the Channel Islands. From there, it appears to have exploited the SS7 flaw to track users in numerous additional countries:
“Industry sources with access to sensitive communications data say there is recent evidence of a steady stream of apparently suspicious signaling messages directed via the Channel Islands to phone networks worldwide, with hundreds of messages routed via Sure Guernsey and another operator, Jersey Airtel, to phone networks in North America, Europe and Africa in August.”
Of course, as with other past reveals of this type (like when Saudi Arabia was also found to be doing something similar to track targets inside the U.S.), the companies involved either insist they know nothing about such exploitation, or that they’re vaguely aware of it, and have done everything possible to prohibit it from happening. Though one reason many Telecoms may not have been particularly keen on cracking down on the practice is that numerous western governments very likely exploit the SS7 flaw as well.
Senator Ron Wyden demanded answers as early as 2017 from mobile phone companies as to why they haven’t done more to thwart the practice, and, last I checked, is still awaiting a response. For smaller carriers it can also be expensive and complicated to remedy the problem, which makes them even easier targets for exploitation. Experts say the U.S. FCC, as you might expect, hasn’t done much of anything to coordinate a response to the threat:
6/Things are especially broken in the US. Experts have made the problem clear, @DHSgov has laid out what needs to be done….but @FCC under @AjitPaiFCC has blocked serious policy fixes.https://t.co/OBj429LunO
— John Scott-Railton (@jsrailton) December 16, 2020
Instead, as the SolarWinds supply chain hack illustrates, America under Trump spent countless calories hyperventilating over nonsense like TikTok instead of focusing on the vast number of very real cybersecurity threats that actually pose a risk to international consumer, government, and business privacy.
Become an Activist Post Patron for just $1 per month at Patreon.
The Federal Communications Commission (FCC) is supposed to protect Americans from the telecom industry. Unfortunately, it has been corrupt agency for decades (see 1, 2). This includes refusing to update antiquated and inadequate radiation exposure guidelines.
During the Trump administration, lawsuits have been filed against the agency for NOT protecting the public from unsafe levels of radiation as well as controversial and dangerous 5G on Earth (see 1, 2, 3, 4) and in space. Doctors and scientists have asked the agency MANY TIMES – and again recently – that health and environmental risks from radiation from 5G, cell towers and other wireless sources be evaluated by experts with no conflicts of interest (see also 1, 2, 3). Nope.
Recently the U.S. Government Accountability Office issued warnings about cybersecurity risks associated with 5G deployment. The White House has also issued a directive about the potential for satellites being targeted by hackers as well. So there’s that too.
Anyone concerned about cybersecurity and privacy risks from wireless devices may be interested in Mozilla’s annual guide that includes information about specific products.
Activist Post reports regularly about unsafe technology. For more information, visit our archives.
Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.