CISA Warning: Commercial Spyware & SS7

The long-held assumption among corporate executives and government officials that switching to encrypted messaging apps like Signal or WhatsApp guarantees immunity from surveillance is rapidly eroding...

CISA’s warning touches upon legacy vulnerabilities in the telecommunications infrastructure itself. The agency highlights the continued abuse of Signaling System 7 (SS7), the protocol suite used by phone networks globally to route calls and texts. Despite decades of warnings, SS7 remains vulnerable to interception and location tracking. Sophisticated attackers can exploit these network flaws to intercept the SMS verification codes used to register Signal or WhatsApp accounts. By “porting” the target’s number to a device controlled by the attacker, they can effectively hijack the victim’s identity on these platforms. While Signal has introduced features like Registration Lock to mitigate this, adoption remains low among general users. (more)