Spies and hackers are actively exploiting a backbone of how mobile phones communicate—and telecoms have known about it for 19 years.

By targeting a network and set of related protocol known as SS7, for-profit surveillance companies and financially motivated criminals can track phones across the planet, or intercept calls and text messages.

In recent years, security researchers and the media have highlighted these problems, with one news outlet even eavesdropping on the calls of Congressman Ted Lieu to demonstrate the vulnerabilities. Despite high-profile coverage, generally the problems in SS7 persist.

But at least some members of the telecom community have known about the serious security issues in SS7 for nearly two decades, according to a document reviewed by The Daily Beast. The news highlights the snail’s pace at which the industry has addressed glaring holes in the world’s mobile infrastructure, leaving U.S. citizens and others around the world open to spying.

“There is no adequate security in SS7. Mobile operators’ needs [sic] to protect themselves from attack by hackers and inadvertent action that could stop a network or networks operating correctly,” a recently unearthed, 1998 document from the European Telecommunications Standards Institute (ETSI) reads.

ETSI is a nonprofit organization that today has over 800 members from the telecom industry, including giants such as T-Mobile, Vodafone, and Orange. ETSI developed versions of SS7 for the European market, organization spokesperson Claire Boyer told The Daily Beast. The document itself is a report from a meeting of ETSI’s “Special Mobile Group.”

The 1998 document adds that “the problem with the current SS7 system is that messages can be altered and injected into the global SS7 networks in an un-controlled manner.”

…click on the above link to read the rest of the article…