Wyden: News about possible foreign stingrays near the White House is of particular concern. The President communication security could be at risk
Foreign hackers are spying American citizens in USA near the White House, using their mobile devices. It has been denounced by Senator Ron Wyden in a letter to FCC and mobile companies. “I’ve spent the past year fighting to reveal what a terrible job the telephone companies and FCC are doing at protecting Americans from being spied on, tracked, or scammed – the Senator writes -. This letter is yet more evidence that these threats are absolutely real and they are already attacking Americans. The news of a possible foreign stingray near the White House is of particular concern giving reports that the President isn’t even using a secure phone to protect his calls. The cavalier attitude toward our national security appears to be coming from the top down. It is high time for the FCC and this administration to act immediately to protect American national security.”
The Senator Wyden letter: Malicious actors spy in two ways: with stingrays (IMSI catchers) and exploiting SS7 protocol vulnerabilities
The Senator Wyden letter describes two separate ways that spies, criminals and hackers may be threatening both national security and the personal security of regular Americans. First, a federal study found evidence of rogue spying devices near the White House and other sensitive locations, during a test last year. The devices, known as IMSI (International Mobile Subscriber Identity) catchers or stingrays, can track phones, but also intercept phone calls, text messages and plant malware on phones. Second, the letter confirms that DHS has received reports that “nefarious actors may have exploited” a weakness in phone networks known as SS7 (Signalling System Seven), “to target the communications of American citizens.”
The SS7 vulnerabilities
The SS7 has some vulnerabilities that allow malicious actors to track cell phone users. In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded. Those vulnerabilities are usually exploited by security forces and intelligence against specific targets. Not only in the USA, but worldwide too. But until now, there wasn’t no official news about their use to spy American citizens in the United States.