The US Federal Commission (FCC) is ramping up efforts to enhance the security of outdated components of American telephone networks. The focus is primarily on the Signaling System Number 7 (SS7) and Diameter protocols used by operators to facilitate network connections, which have been found to be exploitable by foreign governments and surveillance agencies for remote cyber espionage.
SS7 was developed in the mid-1970s, while Diameter emerged in the late 1990s. Both protocols contain vulnerabilities that enable the tracking of phone locations, call and text message redirection for data interception, and user monitoring. The FCC warns of heightened risks associated with these vulnerabilities due to network expansion and increased interconnectivity.
On March 27, the Commission urged telecommunication companies to disclose the preventive measures they are implementing to combat the misuse of SS7 and Diameter. They also requested information on any incidents involving these protocols since 2018.
This call to action was initiated by Senator Wyden (D-Ore), who underscored the imperative of addressing the cybersecurity weaknesses of mobile operators, highlighting the threats posed by SS7 and Diameter vulnerabilities. Senator Wyden emphasized the exploitation of these issues by authoritarian regimes to surveil and gather data on citizens.
Senator Wyden has previously raised concerns about the security risks associated with SS7 and advocated for measures to mitigate vulnerabilities in the interest of national security. He has expressed willingness to collaborate with the FCC in establishing mandatory cybersecurity standards to safeguard US telephone networks.
Responses from stakeholders are anticipated by April 26, following which the FCC will have a month to formulate a response. The FCC’s initiative and Senator Wyden’s statements underscore the gravity of the threats posed by telephone network vulnerabilities and the urgent need for bolstered cybersecurity measures.