- Sen. Ron Wyden, D-Ore., warned that Biden’s foreign adversaries are capable of tracking Americans’ locations without spyware.
- Instead, the flaw allows hackers to obtain user information from the cellular operator.
- Wyden called on Biden to have the Federal Communications Commission establish minimum cybersecurity standards for US carriers
Authoritarian foreign governments have been able to track Americans and journalists using flaws in cellphone networks for more than a decade, a senior Democrat revealed.
Sen. Ron Wyden, D-Ore., sent a letter to President Biden warning him about a long-known flaw in Signaling System 7 (SS7), a protocol used by cell phone providers to transmit text messages and calls telephone calls between operators.
However, the protocol has been known to have been flawed for more than 10 years. It can be manipulated to reveal customers’ locations and even listen to calls.
“Surveillance companies and their authoritarian foreign government clients have exploited lax security on U.S. and foreign telephone networks for at least a decade to track phones anywhere in the world,” Wyden wrote to Biden in the letter obtained by DailyMail.com.
Hostile nations have “abused these tools to track Americans in the United States and journalists and dissidents abroad,” he continued.
That threatens “national security, freedom of the press and international human rights.”
Sen. Ron Wyden, D-Ore., sent a letter to President Biden warning him about a long-known flaw in Signaling System 7 (SS7).
Sen. Ron Wyden, D-Ore., sent a letter to President Biden warning him about a flaw in the U.S. wireless carrier’s protocol that allows foreign governments to track customers’ locations in real time.
SS7 surveillance does not require downloading spyware on targets’ smartphones
The SS7 flaw does not require spyware to be downloaded onto smartphones, but instead tricks carriers into providing user information directly to the hacker.
The SS7 surveillance method also cannot be detected or deterred by popular smartphone manufacturers Apple and Google, the Democrat warned.
“Whether a given person can be monitored using such services depends entirely on the security of their wireless service provider,” Wyden wrote.
To protect US government employees from foreign surveillance, Wyden called on Biden to establish minimum cybersecurity standards for major wireless services purchased by the federal government.
“The FCC should exercise its authority to establish minimum cybersecurity requirements for U.S. wireless carriers and aggregators that deliver SS7 and Diameter messages to and from carriers.”
The Federal Communications Commission (FCC), the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) have acknowledged surveillance issues related to SS7.
Additionally, SS7 rental surveillance services have appeared around the world.
Mitto AG, a Swiss company, was accused of offering SS7 tracking services in 2021, according to Bloomberg.
Wyden wrote in his letter that he wants to cut the United States’ ties with foreign SS7 surveillance workshops.
To protect US government employees from foreign surveillance, Wyden called on Biden to establish minimum cybersecurity standards for major wireless services purchased by the federal government.
“Ensure that US government agencies do not give taxpayer money to mercenary surveillance companies that have enabled human rights abuses,” Wyden asked in his letter.
Most of President Biden’s cabinet, including the Secretary of Defense. Lloyd Austin and Secretary of State Antony Blinken also received the letter.