- Unusual activity was spotted by security company ESD America
- It has prompted fears that diplomats and US officials could be targeted
- A source told CBS it could signal attempts by a foreign power to spy on the US
- The activity indicates that devices could be cloned and users tracked
A spike in suspicious cell phone activity close to the White House and the Pentagon has raised fresh fears that the US government is being spied on by a foreign power.
The Department for Homeland Security has been alerted to unusual activity around cellphone towers in Washington DC.
A source at security company ESD America has told CBS it could reveal espionage attempts from outside governments.
The activity, the source claimed, could be evidence that specific individuals, or their devices, are being monitored.
A report in the Washington Free Beacon says diplomats and US government officials would be the likely target.
Documents passed to the Free Beacon suggest devices could be cloned, and location data has been tracked by a third party.
A source told the publication: ‘The attack was first seen in D.C. but was later seen on other sensors across the USA. A sensor located close to the White House and another over near the Pentagon have been part of those that have seen this tracking.’
Documents suggest devices could be cloned, and location data has been tracked by a third party
Democratic lawmakers have written to Homeland Security Secretary John F Kelly (pictured, right, alongside President Trump and Vice President Mike Pence) raising concerns about hacking of cellphone networks
Insiders believe that a large number of cell phones are being tracked, and rogue forces could introduce malware to spy on sensitive targets.
It comes amid widespread concerns over the potential to hack US cellular networks.
Democratic lawmakers Ron Wyden and Red Lieu wrote this week in a letter to the Homeland Security Secretary John F. Kelly: ‘For several years, cyber security experts have repeatedly warned that US cellular communications networks are vulnerable to surveillance by foreign governments, hackers, and criminals exploiting vulnerabilities in Signaling System 7 (a set of protocols used by cellphone and text messaging applications).
‘US cellular phones can be tracked, tapped, and hacked—by adversaries thousands of miles away—through SS7-enabled surveillance,’ the congressmen write.
‘We are deeply concerned that the security of America’s telecommunications infrastructure is not getting the attention it deserves.
‘We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones.’
Privacy hawks in Congress call on Homeland Security to warn Americans of SS7 hacking threat
Oregon Senator Ron Wyden and California Representative Ted Lieu are pressing the Department of Homeland Security (DHS) on a mobile network vulnerability that they consider to be a systemic digital threat. In a new joint letter, the two members of Congress questioned DHS Secretary John Kelly about flaws inherent in Signaling System 7 (SS7), a global telecommunications protocol that allows phone networks to route calls and texts between users.
In a study publicized during a 2014 security conference in Hamburg, researchers demonstrated how hackers could insert themselves into a device’s call-forwarding function, redirecting calls, and any private information discussed therein, to themselves before bouncing them back to the receiver. In another SS7 technique, hackers could collect nearby texts and calls using a dedicated antenna, going so far as to obtain temporary encryption keys from a wireless carrier, which would later be used to decrypt the content of the correspondence. According to the researchers, end-to-end encryption — widely considered to be the most robust mobile precaution a user can take — could withstand such an attack, but the vast majority of users do not employ such measures.
Some digital privacy advocates suggest that there is little focus on the vulnerability of SS7 because governments are actively exploiting it in their own spying efforts. For example, SS7 tracking systems pair well with IMSI catchers (more commonly called “Stingrays“) used by some U.S. law enforcement agencies, zeroing in on a target’s general location in order to intercept their communications.
Another problem is that because so many wireless providers around the world use the protocol to connect devices on other mobile networks, the system is insecure by design. “SS7 is inherently insecure, and it was never designed to be secure,” GSMA security director James Moran told The Washington Post in a 2014 story about the threat posed by SS7. “It is possible, with access to SS7, to trigger a request for a record from a network.”
In Wednesday’s letter, Wyden and Lieu demanded to know what steps DHS had taken to inform the public about the threat, how the agency plans to protect the private sector, as well as U.S. government officials and the extent to which foreign adversaries may be leveraging SS7-enabled surveillance on U.S. citizens.
“We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones,” the letters reads. “We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance.”
Sen. Wyden, a senior member of the Senate Intelligence Committee, has been one of the government’s most vocal advocates in the digital privacy movement. Congressman Lieu, similarly a privacy hawk, appeared in a 60 Minutes segment on SS7’s flaws that aired last year. The FCC is expected to release its own report on an investigation into SS7 risks this month.