March 15, 2017

Wyden, Lieu Ask DHS To Tell Americans About Serious Security Threat to Mobile Phones

Lawmakers Ask Homeland Security How It Is Addressing Phone Vulnerability Known As SS7

Washington, D.C. – Sen. Ron Wyden, D-Ore., and Rep. Ted Lieu, D-Calif., today urged the Department of Homeland Security to tell Americans how their security may be threatened by a vulnerability that could allow hackers and foreign governments to track, wiretap, and hack their mobile phones.

“We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones. We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance,” Wyden and Lieu wrote to Homeland Security Secretary John Kelly today.

Read the full letter here.

Security researchers and news reports have documented a weakness in cell phone infrastructure that can allow foreign governments or sophisticated hackers to remotely track mobile phones, and even plant malware to allow for invasive surveillance. However, there continue to be many unanswered questions about how vulnerable Americans are, and what steps the government and phone companies are taking to protect consumers from criminals and foreign threats.

Wyden and Lieu asked Secretary Kelly to provide answers to the following questions by March 31, 2017.

  1. Do you have any reason to doubt the significance of the SS7-enabled surveillance threat?
  2. What resources has DHS allocated to identifying and addressing SS7-related threats? Are these resources sufficient to protect U.S. government officials and the private sector?
  3. Have U.S. wireless carriers provided all necessary assistance in determining the extent to which their networks are vulnerable, and the extent to which SS7-enabled access to their cellular networks has been exploited by foreign adversaries?
  4. Congress has been sounding the alarm about SS7-enabled surveillance for nearly a year. What steps has DHS taken to make the public aware of these threats?

Additional Background:

Sen. Wyden is a senior member of the Senate Intelligence Committee and congressional leader on smart technology and security policy.

Congressman Lieu has been a leading congressional advocate for stronger cyber security and privacy measures to protect consumers, especially when it comes to mobile devices. On April 16, 2016, Congressman Lieu was featured on 60 Minutes in a story exposing a major flaw in the SS7 protocol that allows sophisticated hackers to intercept cell phone conversations, data and text messages. In response to the report, the FCC opened up an investigation into the SS7 flaw on April 20, 2016, and requested that mobile carriers provide information with respect to the timing and methods used to issue security updates to their devices. In August 2016, he sent a letter to the FCC asking them to expedite their investigation into the SS7 flaw. The FCC’s final report is expected in March 2017.