The Commission calls for urgent action to protect Americans from surveillance.
Federal Communications Commission (FCC) The United States has stepped up efforts to strengthen the security of outdated elements of American telephone networks. The main focus is on the Signaling System Number 7 (SS7) and Diameter protocols used by operators to ensure the interconnection of networks that, as it turned out, can be used by foreign governments and surveillance services for remote cyber espionage activities.
The SS7 was developed in the mid-1970s, and the Diameter was developed in the late 1990s. Both protocols have vulnerabilities that make it possible to track the location of phones, redirect calls and text messages to intercept information, and monitor users. The FCC indicates an increased risk of exploiting these vulnerabilities due to the expansion of coverage and an increase in the number of network participants.
On March 27, the commission called on telecommunications companies to report what measures are being taken to prevent abuse of SS7 and Diameter vulnerabilities, and also requested information on any incidents of exploitation of these protocols since 2018.
This request was prompted by an appeal from Senator Ron Wyden (D-OR), who stressed the need to address the weak cybersecurity of mobile operators, pointing out the threats posed by SS7 and Diameter vulnerabilities. Wyden emphasized that these problems are used by authoritarian regimes to spy on and obtain information about citizens.
In the past, Senator Wyden has already drawn attention to the security issues associated with SS7, and called for measures to address these vulnerabilities as a matter of national security. He also expressed his intention to work with the FCC to develop mandatory cybersecurity standards to protect US telephone networks.
Responses from stakeholders are expected by April 26, after which the FCC will have a month to prepare a response. This FCC appeal and Senator Wyden's statements underscore the seriousness of the threats posed by phone network vulnerabilities and the need for urgent action to strengthen cybersecurity.
Federal Communications Commission (FCC) The United States has stepped up efforts to strengthen the security of outdated elements of American telephone networks. The main focus is on the Signaling System Number 7 (SS7) and Diameter protocols used by operators to ensure the interconnection of networks that, as it turned out, can be used by foreign governments and surveillance services for remote cyber espionage activities.
The SS7 was developed in the mid-1970s, and the Diameter was developed in the late 1990s. Both protocols have vulnerabilities that make it possible to track the location of phones, redirect calls and text messages to intercept information, and monitor users. The FCC indicates an increased risk of exploiting these vulnerabilities due to the expansion of coverage and an increase in the number of network participants.
On March 27, the commission called on telecommunications companies to report what measures are being taken to prevent abuse of SS7 and Diameter vulnerabilities, and also requested information on any incidents of exploitation of these protocols since 2018.
This request was prompted by an appeal from Senator Ron Wyden (D-OR), who stressed the need to address the weak cybersecurity of mobile operators, pointing out the threats posed by SS7 and Diameter vulnerabilities. Wyden emphasized that these problems are used by authoritarian regimes to spy on and obtain information about citizens.
In the past, Senator Wyden has already drawn attention to the security issues associated with SS7, and called for measures to address these vulnerabilities as a matter of national security. He also expressed his intention to work with the FCC to develop mandatory cybersecurity standards to protect US telephone networks.
Responses from stakeholders are expected by April 26, after which the FCC will have a month to prepare a response. This FCC appeal and Senator Wyden's statements underscore the seriousness of the threats posed by phone network vulnerabilities and the need for urgent action to strengthen cybersecurity.
