Canada’s Privacy Commissioner Calls on Wireless Carriers to Plug SS7 Security Vulnerability

According to a new report from CBC News, Canada’s privacy commissioner is calling on all wireless carriers to fix a vulnerability in the SS7 network.

Back in November 2017, CBC News conducted an investigation, which showed how easy it was to hack into a phone that’s on the mobile networks of Rogers and Bell. Berlin-based cybersecurity expert Karsten Nohl and his team were able to show that it is possible to track your location and access the contents of your phone with only your phone number.

The attack is based on Signalling System No. 7 (SS7) which is a hidden messaging layer within cellphone networks. This layer is responsible for setting up and tearing down connections for a phone call, exchanging billing information or allowing a phone to roam. Access to this layer, according to Nohl, is quite trivial and can go beyond spying on a phone conversation. SS7 attacks can also be used to add, modify, or delete content on your device.

The commissioner’s report warns that this vulnerability could lead to hackers gaining access to sensitive information:

“Hackers are targeting the SS7 to obtain subscriber information, hear calls, steal money, conduct denial of service attacks and geotag their movements.”

The report notes that several countries in Europe are far ahead of Canada in terms of protecting the communication of cellphone users on their wireless networks.

“In the current state of affairs in Canada, obviously the CSE (Communications Security Establishment) has clear legal responsibilities for the protection of government systems, but not for the protection of privately managed systems. I do not have a definite answer on this, but that could be an explanation.”

The privacy commissioner is urging all parties involved to commit to fixes and strengthen the security of their networks.