Someone may have spied on smartphones in or near the White House using a fake cellphone tower – and miscreants are said to have abused SS7 weaknesses to swipe US citizens' private information, it emerged this week.
On Friday, Senator Ron Wyden (D-OR) revealed a letter he received from the US government's Department of Homeland Security earlier this month that suggested someone deployed a Stingray-like IMSI-capturing device to track and snoop on phones near the White House in Washington DC. This equipment works by pretending to be a real cellphone mast, connecting to passing handhelds to collect their owners' unique subscriber ID numbers, and potentially snoop on their chatter.
Specifically, Homeland Security officials said they had detected activity that "appeared consistent" with Stingray devices within the capital region "including locations in proximity to potentially sensitive facilities like the White House."
The DHS tempered that claim, though, by noting that it could not attribute the IMSI spying to any specific group, and that some of the transmissions turned out to be signals sent from legitimate cellphone towers.
Hold the phone: Mystery fake cell towers spotted slurping comms around Washington DCREAD MORE
"The news of a possible foreign stingray near the White House is of particular concern giving reports that the President isn’t even using a secure phone to protect his calls," Wyden said in response.
"The cavalier attitude toward our national security appears to be coming from the top down."
Separately, Wyden said he had been told by a big-name mobile network that malicious attackers are believed to have used SS7 – the 40-year-old protocol that glues cellular networks together – to obtain US customer data. The Homeland Security letter indeed said it had received reports of "nefarious" types leveraging SS7 to spy on American citizens by targeting their calls, text messages, and other information.
SS7 is typically abused by criminals hacking into phone networks, or rogue insiders, to swipe private info. State-owned carriers can also exploit SS7 on behalf of government snoops, or networks can be compelled by administrations to use the protocol to surveil targets. In any case, SS7 is a system that can be exploited by a phone network in one country to screw around with people using a network in another country, or within the same nation, and intercept calls and messages.
Wyden released Uncle Sam's letter as part of his push to get America's comms watchdog the FCC, and US telcos, to conduct a more thorough investigation, and reveal the use of both SS7 exploits and Stingray devices within their networks.
Not a useful Ajit
Earlier this week, Wyden sent FCC boss Ajit Pai a letter calling for a probe, and blasted the chairman for seemingly refusing to do anything about security holes present in mobile networks.
"One year ago I urged you to address serious cybersecurity vulnerabilities in US telephone networks," Wyden's letter to Pai read.
"To date, your Federal Communications Commission has done nothing but sit on its hands, leaving every American with a mobile phone at risk."
The senator added: "This threat is not merely hypothetical – malicious attackers are already exploiting SS7 vulnerabilities. One of the major wireless carriers informed my office that it reported an SS7 breach, in which customer data was accessed, to law enforcement."
Wyden thus demanded to know what the regulator did in response to multiple reports of SS7 attacks. ®