Some members of the telecoms community have known about serious flaws in the SS7 protocol, which phone networks rely on, for 19 years and nothing has been done to resolve them. The vulnerability allowed motivated parties to track phones across the world, and intercept calls and text messages.
The Daily Beast said that it found out that members of the telecom industry have known about issues with SS7 for the past two decades; the information, it says, appears in a 1998 document from the European Telecommunications Standards Institute (ETSI). The following quote is from the document:
“There is no adequate security in SS7. Mobile operators’ need to protect themselves from attack by hackers and inadvertent action that could stop a network or networks operating correctly … the problem with the current SS7 system is that messages can be altered and injected into the global SS7 networks in an un-controlled manner.”
In the US, the Federal Communications Commission has been encouraging telecoms to deploy their own security measures in order to protect against attacks targetted against the SS7 protocol but this approach has been criticised by some who say that self-regulation has failed because little progress in securing SS7 has occurred in the past two decades.