2 wireless protocols expose mobile users to spying — the FCC wants to fix that

sarayut/Getty Images

The protocols are a cornerstone of wireless communications but may contain flaws that enable hackers to tap into Americans’ mobile activities, the agency says.

The Federal Communications Commission is asking communications service providers to give the agency a progress update on how they are refurbishing their networks to prevent spies and cybercriminals from exploiting protocols that could let bad actors track targets.

The FCC has been working to reduce vulnerabilities in the Signaling System No. 7 — or SS7 — protocol, as well as the Diameter protocol, a pair of foundational wireless signal functionalities that enable phone calls, text messages and other communications to travel across different network layers uninterrupted.

SS7 and Diameter have frequently made headlines for flaws in their algorithms that could potentially let hackers tether their own communications streams to Americans’ conversations, allowing them to spy on and track individuals, including journalists, politicians or political dissidents. SS7 and Diameter are considered vital tools that enable modern wireless communications, especially over roaming networks for individuals traveling abroad, but such protocols have not been fully augmented to meet modern encryption standards, the agency argues.

The FCC is asking providers to detail what steps they’ve taken to prevent customer spying over SS7 and Diameter, and also asks them to reveal known instances in which targets were successfully compromised.

The inquiry comes a month after privacy hawk Ron Wyden, a Democratic senator from Oregon who sits on the Senate Intelligence Community, asked the Biden administration to look into the matter.

“America needs to ramp up our defenses against mercenary surveillance companies that help foreign dictators threaten U.S. national security, human rights and journalists working to expose wrongdoing,” Wyden said in response to the inquiry that was launched Wednesday.

SS7 flaws became front and center concerns in April 2016, when German researchers in a demonstration exploited the protocol to track the location and communications of Rep. Ted Lieu.

Lieu, later that year, urged the FCC to expedite an investigation into SS7 flaws after Russian operatives hacked into the Republican and Democratic Congressional Campaign Committees.

Lieu’s office did not respond to a request for comment about the new FCC inquiry by publishing time.