SS7 and Mobile Networks: A Complex Interplay of Opportunities and Risks
Mobile technology has revolutionized the way we communicate. However, despite its benefits, it also poses some serious security risks. One of these risks is the so-called Signaling System 7 (SS7), an essential element of the mobile network that is unfortunately also known for numerous security vulnerabilities.
Origin and Function of SS7
SS7, a protocol system established in the 1970s, is the main artery of global telephone networks. Developed initially to route phone calls, it was later expanded to support services such as SMS. Thanks to SS7, you can seamlessly call someone on the other side of the world, regardless of your mobile provider or location.
But what exactly does SS7 enable? For instance, when you call someone in another country, SS7 ensures that your call is routed correctly. It also enables features like roaming, allowing you to use your mobile phone abroad.
Dangers of SS7
Every technology has its dark sides, and SS7 is no exception. Due to its age and the fact that security was not a primary concern during its development, SS7 is vulnerable to various attacks:
- SMS Interception: Attackers can intercept SMS messages, which is particularly alarming considering many systems use SMS for two-factor authentication.
- Call Interception: Privacy is paramount today, and SS7 allows attackers to eavesdrop on private phone calls.
- Location Tracking: SS7 allows real-time user location tracking.
- Spoofing and Fraud: Malefactors can forge calls and messages, leading to severe fraud cases.
- Denial of Service: This can paralyze the network and prevent communication. Criminal gangs can exploit these vulnerabilities for fraudulent purposes or by state actors to monitor dissidents or other target groups.
Previous SS7-based Attacks
SS7-based attacks are a global problem. While specific examples are often not publicly detailed (partly for security reasons and partly because many victims don't even know they were attacked), some known cases and reports highlight the system's global vulnerabilities.
1. 60 Minutes Australia (2016):
A report on the Australian TV show "60 Minutes" showcased how SS7 vulnerabilities could be exploited to intercept phone calls and text messages. In this report, security experts hacked an Australian politician's iPhone with his permission, demonstrating the system's vulnerabilities.
2. US Network Assessment:
In the USA, a review indicated that all significant telecommunication networks were susceptible to SS7-based attacks to some extent. This led to increased awareness and calls for improvements in network security.
3. Government Agency Warnings:
Multiple government agencies globally, including the US Federal Communications Commission (FCC) and the UK National Crime Agency (NCA), have warned about the dangers and vulnerabilities of SS7.
4. Surveillance and Espionage:
There are indications that various governments exploit SS7 vulnerabilities to monitor their citizens' communication or interest groups. While many of these actions are clandestine, there are recurrent reports of such incidents.
5. Security Firm Investigations:
Several security firms and researchers have detailedly studied and documented SS7 vulnerabilities. Some of these investigations were presented at major security conferences like Black Hat and the Chaos Communication Congress, demonstrating the ability to make calls, send text messages, and track a device's location by exploiting SS7 vulnerabilities.
6. Bank Robberies in Germany (2017):
Criminals exploited SS7 vulnerabilities to intercept bank customers' SMS TANs (Transaction Numbers). Banks uses these TANs as a second factor for transactions. - The attackers accessed victims' accounts because they had online banking credentials (likely through phishing or malware) and SMS TANs intercepted via SS7. - This attack emphasized the vulnerabilities of SMS-based 2FA methods, leading to heightened criticism and concern regarding SS7 network security.
7. Intercepting Phone Calls and Messages:
Security researchers conducted numerous demos and proofs to show how easily SS7 can tap into phone calls and intercept text messages. - For example, researchers at the Chaos Communication Congress in Germany demonstrated how to exploit SS7 vulnerabilities for such attacks.
8. Location Tracking:
SS7 vulnerabilities allow attackers to track a mobile phone's physical location. Security experts have repeatedly demonstrated this, and is particularly concerning as it might enable stalkers or other criminals to track their victims.
9. Interaction with High-profile Targets:
There are reports that some high-profile individuals and journalists were targeted by SS7-based attacks, often for surveillance and espionage purposes.
Specific details about these attacks are often confidential or not publicly accessible.
These examples emphasize the serious security concerns associated with SS7. It's crucial to stress that SS7 isn't the only insecure protocol out there, but its central role in the global telecommunication network makes its vulnerabilities especially problematic. It's also worth noting that many of these incidents are merely the tip of the iceberg. The proper number and scale of global SS7-based attacks are hard to determine since many such attacks go undetected or are not publicly reported.
Protection Against SS7 Risks
While SS7 itself is the problem, there are specific measures individuals can take for protection. Using apps for two-factor authentication, end-to-end encryption apps, and VPNs are just a few options. However, real-time protection at the network level is required to prevent SS7 attacks effectively. Apps like Firewall AI for Android offer device-level protection but are powerless against SS7 attacks since they occur at the network level. Even secure operating systems like GrapheneOS can't protect here. It's essential to be aware of the limitations of such applications.
Protection Measures for Users:
- Education: Knowledge is often the best protection. If users understand how these attacks work, they can be better prepared and protect themselves.
- Limit Location-Sharing: Many services and apps allow users to turn off location-sharing. While this doesn't directly protect against SS7 attacks, it can reduce the risk of being tracked.
- Regularly Change Phone Numbers: Frequently changing phone numbers can help reduce individual risk, as attacks are often targeted.
- Alternative Communication Channels: Consider using alternative communication means for sensitive conversations not affected by SS7, e.g., encrypted VoIP services through Session, Signal, Telegram, etc.
- Use Specialized Security Apps: Some apps can detect suspicious network activity, indicating an SS7 attack. While these apps cannot block the attack, they can warn users.
- Avoid SMS 2FA: Given the vulnerabilities with SS7, using app-based two-factor authentication like Google Authenticator or Microsoft Authenticator instead of SMS-based methods is recommended.
While SS7 remains a significant security concern, users are not entirely powerless against its vulnerabilities. Awareness, proactive steps, and embracing advanced technology can all play pivotal roles in safeguarding one's digital environment. Apps like Protectstar's Firewall AI and Antivirus AI for Android are evidence of the strides being made in device-level protection, even though challenges like SS7 persist at the network level. Ultimately, the onus is also on the industry to update and secure the global telecommunications network – a daunting yet indispensable task for ensuring worldwide communication safety.
Learn more about the Android Firewall AI: