Texas Insider Report: WASHINGTON D.C. After a recent 60 Minutes CBS news program showed a German computer scientist remotely spying on the mobile phone being used by U.S. Congressman Ted Lieu (D-CA) the U.S. Federal Communications Commission (FCC) said last Wednesday it is studying mobile telephone 
carriers use of decades-old communications technology with known security bugs after 60 Minutes reported it could be remotely exploited to spy on callers.
Congressman Lieu a California Democrat with a bachelors degree in computer science made his presence known at last Wednesdays House Subcommittee on Information Technology hearing when he pressed Obama Administration officials about a number of newsy cybersecurity topics including:
- whether the FBI will tell Apple how it hacked into the San Bernardino iPhone and
- whether the officials present had been aware of the mobile network flaw that allowed hackers to eavesdrop on Lieus phone during a 60 Minutes Report.
carrier to grant him access to Lieus devices.
CBSs 60 Minutes showed Nohl remotely spying or hacking into Cong. Lieus mobile phone by leveraging security bugs in a global mobile network known as Signaling System No. 7 or SS7 which is used to connect carriers to facilitate global roaming texting and other communications.
The head of the FCCs Public Safety Bureau David Simpson said in a statement that he had asked staff to review SS7 which he said had reached the end of its life and the transition to more modern technologies.
The 60 Minutes report highlights the inherent risk encountered when an end-of-life technology is incrementally replaced by a new one Lieu said.
Nohl said he expects SS7 will be used for another 10 to 15 years and that its replacement Diameter is vulnerable to similar attacks. The bugs in both technologies can be mitigated with filters firewalls and other security techniques he said.
Lieu a Los Angeles Democrat this week called for the House Oversight Committee to investigate the flaw. A committee spokesman said it is reviewing Lieus request.
John Marinho vice president with the Washington-based mobile industry group CTIA said that Nohl was given extraordinary access to a German carriers network. That is the equivalent of giving a thief the keys to your house she said. That is not representative of how U.S. wireless operators secure and protect their networks.Nohl said malicious attackers could obtain similar results by hacking into a carriers network or paying somebody to do so.
Somebody gave me the keys to their house in Germany. From there I could take a taxi a flight another taxi and find that the door at AT&Ts headquarter is wide open he said.
The London-based GSMA whose members include over 800 global carriers said it has issued multiple alerts on SS7 vulnerabilities and ways to fix them since late 2014 when Nohl first publicized the vulnerability.
Lieu lashed out at Juniper Networks the company behind vulnerable software that many believe left government secrets exposed to foreign spies. The California Congressman was incensed that Juniper which makes a variety of IT products widely used in government was not testifying.
I find it disrespectful that they did not come here to testify. It insinuates they have something to hide Lieu said.
