A Security Expert Warned Congress That T-Mobile's DC Cell Network Has Been Hacked

Sen. Ron Wyden and Rep. Ted Lieu have asked the Department of Homeland Security if wireless carriers have done enough to monitor and report surveillance exploits on their networks.

Rep. Ted Lieu and a group of security researchers have been warning for a year that a vulnerability in the global communications network supporting cell service could offer hackers and foreign powers a way to exploit our phones. Now, according to a cybersecurity expert who contacted Rep. Lieu’s office, it seems hackers may have taken advantage of this security hole to infiltrate cell networks in Washington, DC.

The Washington Free Beacon reported Thursday that it had reviewed documents suggesting that hackers had stolen massive amounts of location data from phones in the DC area. The Free Beacon wrote that the Department of Homeland Security originally compiled the data while monitoring cell towers for suspicious activity.

A spokesperson for Rep. Lieu told BuzzFeed News that his office received a tip late last week from a cybersecurity expert that T-Mobile's wireless mobile network in Washington, DC may have been compromised by a hack. Rep. Lieu’s office could not substantiate the claims of the security expert (whom Lieu's office did not name), but it notified the Department of Homeland Security of the warning. According to the spokesperson, Homeland Security did not provide any additional information since the supposed security breach may involve a private company. Homeland Security declined to answer BuzzFeed News’ questions about the alleged T-Mobile breach.

T-Mobile declined to comment.

Craig Young, the principal security researcher for the vulnerabilities and exposures research team at the cybersecurity firm Tripwire, told BuzzFeed News that the government should ensure that carriers are vigilant in monitoring what could be hugely invasive threats.

One of the most vulnerable points of telephone companies is the way they connect to one another. An exposed network known as SS7 could let an intruder secretly re-route calls so that a third party could listen in without the caller or their recipient knowing. “The end effect is that anybody can potentially go from having a phone number to intercepting your calls by exploiting SS7 weaknesses,” Young said.

Prompted in part by the claims of the cybersecurity expert, as well as broader concerns about the SS7 vulnerability, Rep. Lieu wrote a letter to Homeland Security Secretary John Kelly on Wednesday. Along with Sen. Ron Wyden, Rep. Lieu asked Kelly what resources Homeland Security had dedicated to addressing SS7-related threats. The lawmakers also asked Kelly whether wireless carriers had done enough to help law enforcement identify vulnerabilities in their mobile infrastructure or disclose previous attempts by foreign actors to use SS7 vulnerabilities to breach their networks.

“We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones,” Lieu and Wyden wrote. “We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance.”

A spokesperson for Sen. Wyden told BuzzFeed News that his office had contacted Homeland Security “regarding reports of anomalous cellular network activity, which may involve the SS7 system.”

Since early last year Rep. Lieu has been urging his colleagues on Capitol Hill to investigate the SS7 vulnerability, which poses an array of startling risks. “The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S. government officials,” he said in a letter to the chair and ranking member of the House Government Oversight Committee last April.

It's unclear whether the alleged T-Mobile intrusion began with a spear-phishing attack on T-Mobile itself, with an intruder posing as a legitimate wireless carrier, or with hardware that tricks mobile phones into connecting to false cell towers.

Blake Montgomery contributed reporting for this story.
