Hacker taps US Congressman's cellphone

After a hacker got into the phone of Democratic Congressman Ted Lieu, the California lawmaker is asking for an investigation.

Rep. Ted Lieu is a Democratic Congressman from California
Rep. Ted Lieu is a Democratic Congressman from California

Showing a US Congressman that his mobile phone is not entirely secure may be the best way to encourage the government to take quick action on a cyber-security issue.

Rep. Ted Lieu (D-Calif.) participated in a CBS 60 Minutes segment aired on April 17 that showed how a smartphone call could be intercepted using only a phone number and listened to by anyone with the knowledge to exploit the known Signal System 7 (SS7) flaw. SS7 is the technology that allows mobile phones to exchange information with each other and the carriers.

The day after the show aired Lieu sent a letter to Rep. Jason Chaffetz (R-Utah) and Elijah Cummings (D-Md.) chairman and ranking member of the House Committee on Oversight and Government Reform, which deals with cyber issues, demanding an investigation into the vulnerability.

“According to numerous reports, researchers in Germany have discovered flaws in SS7 that allow hackers to easily intercept and record communications en route to their destination unbeknownst to the users,” Lieu wrote.

Lieu is no technological novice: he has an undergraduate degree in computer science from Stanford University, and the congressman expressed a great deal of anger when he realised his level of vulnerability.

"You cannot have 300-some million Americans - and really, right, the global citizenry - be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data. That is not acceptable," he said on the show.

This incident also spurred the Federal Communications Commission (FCC) into action with David Simpson, head of the FCC's Public Safety Bureau, saying he has tasked his staff with looking into the SS7 allegations.

However, whether or not the show overstated the threat is being debated within the security industry. The SS7 flaw itself has been public knowledge since 2014 when Karsten Nohl, the German researcher featured on 60 Minutes, first publicised the issue.

Sinan Eren, a vice president at Avast Software, told SCMagazine.com that the SS7 vulnerability is an issue primarily when callers use GSM connection and no encryption. GSM, one of the two radio systems used by mobile phones, is used by T-Mobile and AT&T in the US and is the worldwide standard. Verizon and Sprint use a competing radio format called CDMA.

“SS7 is exploitable, but it's not a consequential attack vector anymore,” Eren said, adding that the problem is not an issue for anyone using a peer-to-peer communications system like Facetime or Whatsapp.

Eren noted that it is unlikely average people need to worry about being hit, but that the real danger comes in emerging markets were SS7 can be exploited not only by criminals, but by nation-states interested in tapping into their citizens' phone conversations.

To help settle down the controversy The CTIA - The Wireless Association, the trade group representing the wireless communication sectors industry, issued a statement Monday, according to WirelessWeek, downplaying the threat, saying the show was given “extraordinary access to a German operator's network. That is the equivalent of giving a thief the keys to your house; that is not representative of how US wireless operators secure and protect their networks. We continue to maintain security as a top industry priority.”

However, the fact that Lieu's phone was vulnerable would indicate the CTIA is wrong, Jean-Philippe Taggart, Malwarebytes' senior security researcher, told SC in an email Tuesday. Taggart said the flaw certainly looked real enough, but he thought it might be easier to exploit only on certain cellular networks.

“The SS7 vulnerability is an open secret amongst the intelligence communities and the US-based regulatory body that 60 minutes contacted, CTIA, would fall into the 'in denial' camp. This was demonstrated to be untrue, with the interception of Congressman Lieu,” said Taggart.

In addition to listening in on calls and texts, the SS7 vulnerability appears to allow a phone's location to be found.