SS7 и мобильные сети: сложное взаимодействие возможностей и рисков.

Mobile technologies have revolutionized the ways of communication. However, despite their advantages, they also pose serious security risks. One such risk is the so-called Signaling System No. 7 (SS7) — a crucial element of the mobile network that, unfortunately, is known for numerous security vulnerabilities.

Origin and Function of SS7
SS7 is a protocol system created in the 1970s, serving as the main artery of global telephone networks. Originally designed for routing telephone calls, it was later expanded to support services such as SMS. Thanks to SS7, you can easily call someone on the other side of the world, regardless of your mobile operator or location.

But what exactly does SS7 provide? For example, when you call someone in another country, SS7 ensures the correct routing of your call. It also supports functions like roaming, allowing you to use your mobile phone abroad.

Dangers of SS7
Every technology has its dark sides, and SS7 is no exception. Due to its age and the fact that security was not a priority during its development, SS7 is vulnerable to various attacks:

1. SMS interception: attackers can intercept SMS messages, which is especially alarming given that many systems use SMS for two-factor authentication.
2. Call interception: today privacy is extremely important, and SS7 allows attackers to eavesdrop on private phone conversations.
3. Location tracking: SS7 enables real-time tracking of a user's location.
4. Spoofing and fraud: attackers can spoof calls and messages, leading to serious cases of fraud.
5. Denial of service: attacks can paralyze the network and hinder communication. Criminal groups may exploit these vulnerabilities for fraud, while government agencies may use them to monitor dissidents or other targeted groups.

Previous SS7-based Attacks
SS7-based attacks are a global problem. Although specific examples are often not publicly disclosed (partly for security reasons and partly because many victims are unaware of the attacks), some well-known cases and reports highlight the system’s vulnerabilities worldwide.

1. 60 Minutes Australia (2016):
The Australian TV program "60 Minutes" showed how SS7 vulnerabilities can be exploited to intercept calls and text messages. In this report, security experts, with permission from an Australian politician, hacked his iPhone, demonstrating the system’s vulnerabilities.

2. US Network Assessment:
In the US, a review showed that all major telecommunications networks are vulnerable to SS7-based attacks to some extent. This led to increased awareness and calls for improved network security.

3. Warnings from Government Agencies:
Many government agencies worldwide, including the US Federal Communications Commission (FCC) and the UK’s National Crime Agency (NCA), have warned about the dangers and vulnerabilities of SS7.

4. Surveillance and Espionage:
There is evidence that various governments use SS7 vulnerabilities to monitor communications of their citizens or targeted groups. Although many of these actions are covert, reports of such incidents occasionally emerge.

5. Security Company Research:
Several companies and security researchers have studied and documented SS7 vulnerabilities in detail. Some of this research has been presented at major security conferences such as Black Hat and Chaos Communication Congress, demonstrating the possibility to make calls, send