Senators Warn the Pentagon: Get a Handle on China’s Telecom Hacking

The senators also provide evidence in their letter that US telecoms have worked with third-party cybersecurity firms to conduct audits of their systems related to the telecom protocol known as SS7 but have declined to make the results of these evaluations available to the Defense Department. And in June, it announced a 10-year, $2.67 billion contract with the Navy that “will give all Department of Defense agencies the ability to place orders for wireless services and equipment from T-Mobile for the next 10 years.” In an interview with WIRED, T-Mobile chief security officer Jeff Simon said that the company recently detected attempted hacking activity coming from its routing infrastructure by way of an unnamed wireline partner that suffered a compromise. T-Mobile isn't certain that the “bad actor” was Salt Typhoon, but whoever it was, Simon says the company quickly stymied the intrusion attempts. “Every life form that accesses T-Mobile systems has to get a YubiKey from us.” Still, the fact remains that there are fundamental vulnerabilities in US telecom infrastructure. Even if T-Mobile successfully thwarted Salt Typhoon’s latest intrusion attempts, the espionage campaign is a dramatic illustration of long-standing insecurity across the industry.