Mobile Operators Solutions Products Learning Center Company Request a demo

Mobile Device Cyber Security, RSS

A Step by Step Guide to SS7 A acks OUR LATEST POSTS

Top 10 Cyber Threats to

Eyal Katz Private 5G/LTE Networks
6 min read
January 26, 2020 Cellular IoT crash course, part
1: Who needs cellular IoT?

Top 8 Endpoint Security

Solutions for 2021

Global mobile use has been on a major upswing for quite some time.
From toddlers who learn to operate a mobile phone before they can
even speak to professionals whose phones contain sensitive
information. Mobile devices are now like opinions: everyone has at
least one they hold very dear.

As 5G technology propagates and expands to reach new audiences

and devices, the opportunities for mobile cyber attacks grow
exponentially. While the YouTube browsing history of a toddler may be
of little interest to hackers, anyone holding sensitive data or
communicating privileged information is at risk. All thanks to legacy
network protocols of global telecommunications.

The aging of legacy protocols with the evolution of hacking techniques

create the perfect conditions to empower malicious activities on
increasing crowded mobile networks. So it’s no wonder mobile malware
attacks increased by 50% in 2019, and in 2020 are expected to
continue to wreak mobile security havoc at an exponential rate. 

Let’s meet one of the most prominent mobile network vulnerabilities

threatening mobile service providers and users in the past years: SS7
loopholes. 

Rather than target specific devices, sophisticated attacks are being

perpetrated on entire networks. From a mobile service provider
perspective, once your network’s SS7 protocol is successfully
compromised, hackers are privy to your subscriber’s personal
information. They can access text messages, phone calls, track device
location, and all without your or the subscriber’s knowledge.

What is SS7?
Introduced and adopted in the mid 70s, SS7 (Common Channel
Signaling System No. 7 or C7) has been the industry standard since, and
hasn’t advanced much in decades. It’s outdated security concepts
make it especially vulnerable to hackers.

SS7’s success has also, in a way, been its curse. At least when it comes
to cyber security. The SS7 protocol is used everywhere, and is the
leading protocol for connecting network communication worldwide.
Because it is so prevalent, used by both intelligence agencies and
mobile operators. From a surveillance perspective, it is considerably
effective. As such, SS7 is an attacker’s best friend, enabling them
access to the same surveillance capabilities held by law enforcement
and intelligence agencies.

How does SS7 work?

The set of SS7 telephony signaling protocols is responsible for setting up
and terminating telephone calls over a digital signaling network to
enable wireless cellular and wired connectivity. It is used to initiate
most of the world’s public telephone calls over PSTN (Public Switched
Telephone Network).

Over time other applications were integrated into SS7. This allowed for
the introduction of new services like SMS, number translation, prepaid
billing, call waiting/forwarding, conference calling, local number
portability, and other mass-market services.

Components and elements that make up the SS7 Protocol Stack –

What are SS7 attacks?

SS7 attacks are mobile cyber attacks that exploit security
vulnerabilities in the SS7 protocol to compromise and intercept voice
and SMS communications on a cellular network. Similar to a Man In the
Middle attack, SS7 attacks target mobile phone communications
rather than wifi transmissions.

How do SS7 attacks work?

SS7 attacks exploit the authentication capability of communication
protocols running atop the SS7 protocol to eavesdrop on voice and
text communications. According to telecommunications experts, all a
cyber criminal would need to successfully launch an SS7 attack are a
computer running Linux and the SS7 SDK – both free to download from
the Internet.

Once connected to an SS7 network, the hacker can target subscribers

on the network while fooling the network into thinking the hacker
device is actually an MSC/VLR node.

What’s in it for the Hackers?

When a hacker successfully performs a MitM phishing attack, they

gain access to the same amounts and types of information that are
usually reserved for the use of security services. Having the ability to
eavesdrop on calls and text messages, as well as device locations
empowers hackers to gain valuable information.

A common security precaution used by many is one of the targets of

SS7 attacks. Two-factor authentication (also known as 2FA) via SMS
using SS7 is inherently flawed as these SMS messages are unencrypted
and hackers know how to intercept them. With the code from the SMS
in their hand, a cyber-criminal can potentially reset your password to
Google, Facebook, WhatsApp account, or even your bank account.

The Risks to Digital Businesses

It doesn’t take an expert to see that it takes little skill and equipment
for a hacker to successfully mount a  man-in-the-middle MitM
phishing attack. With most businesses managing their
communications over cellular connections, it’s clear that SS7 attacks
pose a significant risk. It’s important to remember that isn’t not only
proprietary or confidential information hackers are interested in. The
growing prevalence of IoT devices relyant on mobile networks to
transmit data is expanding the risk playing field.  

An enterprise’s IoT infrastructure, critical services can be prime targets.

Such attacks can lead to potentially damaging breaches of
confidential information as well as hijacking or disabling of mission-
critical devices and services. 

Considering how high the risks are, manufacturers are doing too little
to warn businesses using IoT devices about potential security
vulnerabilities in their products. This exposes network operators to
attacks through compromised customer IoT devices on their network.

What can mobile operators do to

prevent SS7 attacks?
The flaws and vulnerabilities inherent in the SS7 protocol are out of the
jurisdiction of enterprises, small businesses as well as consumers. Being
that, SS7 vulnerabilities cannot simply be removed or fixed. 

The GSMA recommends that mobile network operations focus on

consumer education. With consumers paying more attention to the
security of their smartphones and IoT devices they are more likely to
take action to secure their devices. Especially when it comes to critical
applications and services like Smart Homes and Offices.

1. User Password Security

Two factor SMS authentication, flawed as it is, is still widely used.

Security conscious businesses and services are gradually moving away
from SMS and offer other methods of authenticating users which do
not rely on antiquated telephone protocols like SS7. 

2. Monitoring & Event Analysis

If an SS7 network is successfully compromised, companies need to

have the ability to monitor the activity during the attack. They need to
be informed on security events in the context of what is happening on
corporate servers as well as devices. This needs to be part of any
enterprise mobile security strategy. Ultimately, businesses need to
implement a defense that identifies threats and takes action before
any damage occurs.

3. Regular Updates

Cyber security is not a set it and forget it deal even if you employ
automation. Cybercriminals are always coming up with new exploits
and approaches to compromise systems to get their hands on
confidential data or hijack devices for ransom. Effective Patch
Management is critical and complements adaptive defense. By
employing real time analysis of endpoint security, business can ensure
known vulnerabilities are sealed as soon as possible through software
and firmware updates.

What can YOU do? 

The only way to be fully safe from SS7 attacks is to simply shut your
smartphone off. You and I both know that’s not an option. So what you
can do is “know the enemy”. Being aware that malicious activities like
SS7 attacks are prevalent and common is simply a necessity in 2020.

That said, with the billions of mobile phone users worldwide, the risk of
you being targeted for surveillance by cyber-criminals is probably small.
But if you happen to be a president, queen or even doctor holding
sensitive patient information on their mobile, your chances are much
higher than those of an average Joe. If you’re still using 2FA for banking
services, you might very well be in danger of having your account
compromised.

Considering just how easy it is to execute an SS7 attack and how much
damage a successful one can do to both the victim and their service
provider, one can only hope that innovation in telecom will protect us,
the end users. For enterprises, government agencies and MSPs today
there are numerous solutions ranging from complex customized
mobile VPN systems, to innovative plug-and-play solutions like
FirstPoint SIM-based user level protection

Protect people, IPs and devices

from SS7 attacks with FirstPoint
FirstPoint provides unique network level protection

Contact Us

Related Articles

Cyber a acks Cyber a acks Mobile Device Cyber Security

Step by Step Guide to SCADA Security A Step by Step Guide to

Cellular Wardriving
A acks
To m ost , wa rd r i v i n g s o u n d s
l i ke s o m et h i n g o u t of t h e
wo r l d of m o n ste r-t r u c ks . In
re a l i t y, yo u d o n’ t n e e d a
ta n k o r Hu m m e r to d r i ve
wa r. In a
in a Cellular World
S CA DA syste m s h a ve b e e n
a ro u n d s i n c e t h e e a r l y
1 9 7 0 s , wa y b a c k w h e n
n et wo r ks we re a l l c l os e d
syste m s a n d h a c k i n g t h e m
wa s t h e stu f f of s py
m ov i e s .
SS7 A acks
Gl o b a l m o b i l e u s e h a s
b e e n o n a m a j o r u psw i n g
fo r q u i te s o m e t i m e . Fro m
to d d l e rs w h o l e a r n to
o p e ra te a m o b i l e p h o n e
b efo re t h ey c a n eve n

Solutions P ro d u c t s C o m p a ny

Enterprises Mobile Cyber About

M o b i l e O p e ra t o r s Security C a re e r s

C e l l u l a r I oT I oT C y b e r S e c u r i t y Contact us

D e fe n s e Fa ke c e l l t o w e r Management team

p ro t e c t i o n

S e c u re d P r i v a t e LT E

and 5G

P r i v a c y Po l i c y

Te r m s & C o n d i t i o n s