Sen. Ron Wyden (D-Ore.) sent a letter to President Biden and his Cabinet demanding that wireless carriers’ cybersecurity standards be regulated as to not further exploit “lax security” in the United States’ phone networks.  

“I write to request that you address the grave threats posed by wireless carriers’ lax cybersecurity practices, which are not regulated, but should be,” Wyden’s letter said. “Surveillance companies and their authoritarian foreign government customers have exploited lax security in the U.S. and foreign phone networks for at least a decade to track phones anywhere in the world.”

Wyden argued that authoritarian governments have abused tools to track Americans in the United States and reporters and dissidents who are abroad, which has threatened the country’s national security, freedom of the press and international human rights.

The Senator stated in his letter that surveillance technology companies sell access to phone hacking services and foreign government customers can enter any phone number and track it, no matter where it is in the world.

“In contrast to spyware-based surveillance, these services do not interact with the target’s phone. Instead, they trick wireless carriers’ servers into revealing the information,” he wrote.

Google and Apple, the most popular operating systems, can’t track the services and the tracking depends entirely on the security of a person’s wireless carrier, he said.

The phone hacking companies exploit flaws in two obscure technologies, known as Diameter and Signaling System 7 (SS7), he said. The two technologies are used by global wireless carriers for text messaging.

Wyden highlighted that several federal agencies have noted the serious threat SS7 surveillance poses and the “importance of securing America’s communications networkers.” No official or agency has taken responsibility for the problem and very little has been done to address it, he claimed.

Wyden accused the Cybersecurity and Infrastructure Security Agency of “actively hiding information from the American people” about the threat.

The Senator said his staff was permitted to read an independently conducted report for the agency last fall, but the agency refuses to release the unclassified information “which includes details that are relevant to policymakers and Americans who care about the security of their phones.”

Wyden asked the Biden administration to work on the threat and provide Congress with updates twice a year until it’s meaningfully addressed, among several other requests for the government to ensure security for Americans’ wireless communication.