Largest mobile network privacy breach ever proves we need 5G security — now

Thanks to nonstop commercials promoting 5G networks, it may feel like 5G is already pervasive, but it’s not. In addition to 5G’s faster speed and better coverage, one of its greatest benefits is vastly better security enhancements to known threats with end-to-end security. The recently announced hack of the global telecom company Syniverse proves just how much we need to deploy full 5G networks — including 5G core infrastructure — now to ensure national security.

While Syniverse is hardly a household name, it’s a critical part of the global telecom infrastructure. It connects over 300 cell phone networks globally that collectively serve over 8 billion mobile device accounts. It acts as an intermediary and operates as a switchboard for billing records and text messages sent between cell phone networks.

This makes them an ideal target for hackers seeking to take advantage of this global flow of information. From May 2016 through discovery in May 2021, hackers apparently had a front row seat to a massive treasure trove of trillions of cell phone records and text messages, whizzing across the globe.

Beyond the draw for hackers seeking to profit from stolen information, the theft and exploitation of this data poses a real national security threat. This type of vulnerability is well known — and 5G was engineered with a solution.

Quick background: Early mobile phone systems such as 2G and 3G used a technology known as Signaling System 7 (SS7), which has zero security. If you can access an SS7 data pipe, you can listen in on phone calls, steal text messages, and even get the GPS location for any phone. It can also be used to hack multi-factor authentication. 

4G developers thought they fixed the problem by replacing SS7 with a newer technology called Diameter and adding encryption and authentication. This did fix some of the issues, but if a hacker can get into any operator network, or an intermediary like Syniverse, it’s still game over.

That’s because Diameter relies on hop-by-hop security. Sensitive data is encrypted as it travels from one network to another, but when traversing an intermediary like Syniverse, it is first decrypted and then re-encrypted, leaving it exposed for a short period of time.

5G fixes this by revamping the way that networks interact with one another and has introduced end-to-end security. Data remains protected when it travels through intermediaries. And any changes to the data needed for routing are securely annotated, providing a detailed audit trail while protecting the sensitive details.

As the world works to fully deploy 5G, we have a unique opportunity to fix past mistakes. We’re already making good progress in upgrading our landline phone infrastructure to use the Session Initiation Protocol (SIP) to combat robocalls.

But we still have two problems:

1. While there’s a lot of buzz about 5G being deployed across the world, we’re one-to-two years away from all the new 5G core network features coming online in the United States.
2. Our phone networks are all backwards compatible. In fact, Syniverse still runs SS7 to support lots of older mobile networks, even though much of the world has already moved on, leaving data vulnerable.

We need a plan and I’ll offer these steps:

• The U.S. must move quickly to phase out SS7 entirely. We must capitalize on the ongoing momentum shifting landline networks to SIP, and move similarly to expedite adoption of new 5G core network standards for mobile networks. FCC’s 5G Fund should help offset costs for smaller carriers to perform the needed security upgrades. 

• Evenly apply cybersecurity requirements. The release of the NIST Cybersecurity Framework in 2014 got many critical infrastructure sectors — telecom operators included — systematically focused on cyber defense. Intermediaries like Syniverse fell through the cracks, and we must hold them to the same standards as the rest of the industry, including industry best practices around SS7 and Diameter.

• The U.S. must work with global organizations, such as the International Telecommunications Union and GSM Association (which represents mobile operators and organizations) to tackle these issues on a worldwide scale. Together, they must work to similarly phase out SS7 across the globe, while promoting accelerated adoption of 5G end-to-end security.

• We need hands-on testing and integration between U.S. carriers to accelerate the pace of learning, adoption, and deployment. Coincidentally, the FCC just announced a study group to investigate this topic.

This dramatic hack of Syniverse is simply the latest and most profound example of why we must urgently upgrade the interconnects that underpin our mobile phone networks.

The good news is we have a solution in 5G end-to-end security. But we’ve got to move faster to fully adopt it.

Let’s get to work.

Dr. Charles Clancy is a senior vice president at MITRE where he heads MITRE Labs. Clancy is an expert on telecom security and has regularly testified on these topics on Capitol Hill.