Yes, telephony networks have a critical, underlying flaw. Unfortunately, so do IP networks.

Motherboard recently ran an article discussing how lobbyists for telecom companies were arguing that the vulnerabilities in their networks due to the aging SS7 protocol weren’t that bad. Well, spoiler alert, they are that bad. The (overly) simplified statement is, anyone with access to the SS7 network can redirect any telephone number, practically anywhere in the world. This is the basis of number portability, i.e. why you can switch from AT&T to Verizon (or vice versa) and keep your telephone number.

The key here is “access to the SS7 network”, which is different from the telephone network itself. SS7 is a “control plane” protocol, so telephony users don’t get access, but telcos do. So it needs to be an inside job.

The internet itself suffers from a similar issue with the aging BGP standard. A decade ago, a misconfigured BGP router knocked YouTube offline, and similar events have happened in many occasions. Last year, it knocked Twitter offline. Once again a system that is not very robust, and can be manipulated by anyone connected, this system mainly works because all the actors are known, so most of the time errors are honest mistakes.

There are more of these trusting systems lying around, hidden in the background of society. They do need to be fixed, but it is more than any single company can be asked to fix, as they are global standards.

Leave a Reply