A senator has claimed to have made public new evidence that shows foreign hackers and spies are targeting US citizens via their mobile devices.
Ron Wyden demanded action from the FCC and phone companies after a letter sent to him from the Department of Homeland Security (DHS) revealed the use of controversial 'stingray' technology near the White House, and attempts to exploit SS7 vulnerabilities.
Also known as IMSI-catchers, stingray tech typically mimics mobile phone base towers, allowing individuals to locate specific devices and intercept communications from them.
It’s a controversial surveillance tool which police and FBI agents have run into trouble using in the past, because it cannot be targeted enough to focus on specific devices and ends up catching data on innocent users.
Yet now the DHS has revealed that “anomalous activity” like that of an IMSI catcher was observed within the National Capitol Region (NCR), including in locations near sensitive facilities like the White House.
“The news of a possible foreign stingray near the White House is of particular concern giving reports that the President isn’t even using a secure phone to protect his calls,” said Wyden in a statement. “The cavalier attitude toward our national security appears to be coming from the top down. It is high time for the FCC and this administration to act immediately to protect American national security.”
According to the DHS, law enforcement and counter-intelligence operatives investigated this activity and determined that “some signals” emanated from real cell towers, but that doesn’t explain all activity.
The DHS also claimed to have received reports from third-parties of unauthorized use of IMSI-catcher tech, as well as exploitation of SS7 vulnerabilities to “target the communications of American citizens.”
The 40-year-old network signalling protocol has been known to contain serious vulnerabilities for years.
“I’ve spent the past year fighting to reveal what a terrible job the telephone companies and FCC are doing at protecting Americans from being spied on, tracked, or scammed,” said Wyden. “This letter is yet more evidence that these threats are absolutely real and they are already attacking Americans.”