DHS: 'Nefarious actors' could be exploiting SS7 flaw

Wikicommons photo CC2.0


Written by

The Department of Homeland Security has received reports that “nefarious actors” may be exploiting cellular communications vulnerabilities to spy on Americans, according to Chris Krebs, a senior DHS official.

Cybersecurity experts have warned that longstanding vulnerabilities in the telephony protocol known as Signaling System No. 7 (SS7) could allow spying on callers and interception of their data.

Krebs revealed the possible exploitation of SS7 in a May 22 letter to Sen. Ron Wyden, D-Ore., that also said DHS had “received reports from third parties about the unauthorized use” of mobile surveillance devices.

The devices in question, known as Stingrays or IMSI catchers, imitate a cell tower to capture caller location and other associated data. They have been used by U.S. law enforcement for years, but their use for foreign espionage and hacking in the U.S. has been a source of speculation.

From January to November 2017, DHS deployed sensors in Washington, D.C., area in search of the rogue IMSI catchers, Krebs said in his latest missive to Wyden.

The pilot project revealed activity “that appeared consistent” with IMSI catchers in the D.C. area, including close to “potentially sensitive facilities like the White House,” Krebs wrote. The department hasn’t validated or attributed that activity to specific entities or devices, he added.

“As we discussed, NPPD lacks the appropriate enforcement and counterintelligence authorities to address your specific concerns with IMSI catcher technologies,” Krebs wrote.

Krebs had previously acknowledged the presence of what appear to be unauthorized IMSI catchers in the D.C. area in a March letter to Wyden. But the Oregon senator put a hold on Krebs’s nomination to be undersecretary of the National Protection and Programs Directorate (NPPD) until DHS provided more information on its knowledge of the use of IMSI catchers in the United States.

Wyden has since lifted his hold on Krebs’s nomination, a key cybersecurity position for DHS that he is already filling in an acting capacity. However, another senator has blocked the nomination, a Senate aide told CyberScoop. The aide did not specify why.

-In this Story-

Chris Krebs, imsi catchers, privacy, SS7 Protocol, stingray, surveillance