Privacy commissioner calling on wireless networks to plug security gap

Canada's privacy watchdog is sounding the alarm about the threat of hackers intercepting mobile phone communications from a single phone number.

Flaw in SS7 network identified by Radio-Canada/CBC investigation

Canada's privacy commissioner is calling on cellular companies to seal up a point of vulnerability in the SS7 network. (DIPTENDU DUTTA/AFP/Getty Images)

Canada's privacy watchdog is sounding the alarm about the threat of hackers intercepting mobile phone communications from a single phone number.

In his annual report, Privacy Commissioner Daniel Therrien responded to an investigative report by Radio-Canada-CBC.

"Thanks to a report broadcast last November by the CBC and the Radio Canada, we became aware of a security vulnerability related to the SS7", the commissioner wrote in his report tabled Thursday.

SS7 — Signaling System # 7 — is the global system for mobile telephone traffic. Any network that does not adopt adequate security measures is vulnerable to hacking through SS7.

With the help of a hacker in Germany, Radio-Canada-CBC was able to intercept calls from a federal MP and geotag his every move. His cellphone used the Rogers network, but the Bell Canada network also was successfully tested and hacked.

"Hackers are targeting the SS7 to obtain subscriber information, hear calls, steal money, conduct denial of service attacks and geotag their movements," warned the commissioner's report.

The commissioner notes that some European countries appear to be ahead of Canada in when it comes to protecting the communications of cellphone users.

"In some countries, it seems that the government intervenes a little more actively in regard to the requirements that are made to telecommunications companies," said Therrien in an interview with Radio-Canada.

"In the current state of affairs in Canada, obviously the CSE (Communications Security Establishment) has clear legal responsibilities for the protection of government systems, but not for the protection of privately managed systems. I do not have definite answer on this, but that could be an explanation."

When the Radio-Canada-CBC report was aired, Bell, Rogers, the Canadian Wireless Telecommunications Association and the federal government all refused to give interviews.

The Office of the Commissioner contacted all of these stakeholders to get them to explain the flaws in the system and said it received what Therrien called "encouraging commitments."

Who is vulnerable to SS7 cell phone attacks?

5 years ago
Duration 5:31
Lex Gill, Research Fellow at the University of Toronto’s Citizen Lab, weighs in

Therrien made three recommendations to them to strengthen the security of Canada's cellular networks.

"Everyone recognizes that the system is vulnerable," he said.

"As you have shown, it is vulnerable to, among other things, the hacking of communications that the cell phone uses. There is reason to be concerned. We will continue to have a dialogue with the government and the companies to try to reduce the scope of the problem as much as possible."


Brigitte Bureau is an award-winning investigative reporter with Radio-Canada. You can reach her by email: brigitte.bureau@radio-canada.ca.


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Member

Join the conversation  Create account

Already have an account?