What is an SS7 Attack?
The technology of Short Message Service (SMS) is based on standardized communication protocols that allow mobile devices to exchange text messages. It has been in use since the early 1980s and has not seen much improvement. SMS relies on the Signaling System No. 7 (SS7) protocol, which is quite old and vulnerable.
Globally, 90% of mobile operators are unprotected due to flaws in the SS7 protocol. More specifically, 89% of subscribers' SMS messages can be intercepted, 58% can be tracked, and half of all phone calls can be wiretapped. These data come from research conducted by Positive Technologies, which investigated the security systems of major mobile operators.
In the early 2000s, software called SIGTRAN was developed to complement SS7. This software allows messages and commands to be transmitted over IP networks. As a result, components of the SS7 network became accessible via a public network, and some of them could even be reached through the Internet. The new software continued to operate on top of the old unprotected system, making it even easier to exploit SS7 "holes."
In 2017, a video demonstrating these methods was published on YouTube.
How Does SS7 Work?
The SS7 network consists of several main components that work together to manage and route signals or communication instructions between different parts of the telephone network:
Service Switching Points (SSPs): SSPs are the network’s "communication hubs." They initiate, route, and terminate calls. When you make a call, it starts at an SSP, which helps set up and manage the call.
Signal Transfer Points (STPs): STPs route signaling messages between SSPs. If SSPs are the hubs, STPs are like the routers that determine the best path for each message to travel through the network.
Service Control Points (SCPs): SCPs store and provide important information for call processing, such as database lookups for number portability (allowing you to keep your number when switching carriers) and other services.
Signaling Links: These "roads" connect all the points (SSPs, STPs, and SCPs). Signaling links carry the signaling messages between network components. They ensure that messages travel securely and efficiently from one point to another.
How Does the SS7 Protocol Work?
You decide to call a friend, so you dial their number on your phone. First, your phone sends a request to set up the call. This request is packaged into a small packet called a Message Signal Unit (MSU), which contains all the information needed to connect the call.
The MSU goes through three Message Transfer Part (MTP) levels to ensure that your request is properly formatted and ready to travel through the network.
MTP Level 1: Manages the physical connection, such as the wires or wireless links that carry your call's information from your phone to the nearest network hub.
MTP Level 2: Handles error checking and correction, ensuring the information sent from your phone is received correctly, without any errors.
MTP Level 3: Takes care of routing messages, deciding the best path for your call request to travel through the network to reach your friend's phone.
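To make the Level 2 and Level 3 fields concrete, the following Python code (an added example, not from the original article) decodes an MSU in the ITU-T layout: the MTP2 length indicator, the service information octet, and the MTP3 routing label that carries the destination and originating point codes. The sample frame, its point codes and the `screen` allowlist check are constructed assumptions for illustration; note that the routing label contains no authentication field, so a check like this relies on knowing which origins are expected on a link.

```python
import struct

# SIO service indicator values (ITU-T Q.704), naming the MTP3 user part.
SERVICE = {0: "SNM", 1: "SNT", 3: "SCCP", 4: "TUP", 5: "ISUP"}

def format_pc(pc):
    """Render a 14-bit ITU point code in 3-8-3 notation."""
    return f"{pc >> 11}-{(pc >> 3) & 0xFF}-{pc & 0x07}"

def build_msu(dpc, opc, sls, si, ni, payload):
    """Assemble a constructed MSU (flags and CRC omitted) for the demo."""
    label = (dpc & 0x3FFF) | ((opc & 0x3FFF) << 14) | ((sls & 0xF) << 28)
    sio = (si & 0x0F) | ((ni & 0x03) << 6)
    body = bytes([sio]) + struct.pack("<I", label) + payload
    # MTP2 header: BSN/BIB, FSN/FIB, then the length indicator (capped at 63).
    return bytes([0, 0, min(len(body), 63)]) + body

def parse_msu(frame):
    """Split a signal unit into MTP2 header and MTP3 routing fields."""
    if len(frame) < 3:
        raise ValueError("truncated signal unit")
    li = frame[2] & 0x3F
    if li <= 2:  # LI 0 is a FISU, 1-2 an LSSU: no routing label present
        return {"type": "FISU" if li == 0 else "LSSU"}
    if len(frame) < 8:
        raise ValueError("MSU too short for SIO and routing label")
    if li < 63 and li != len(frame) - 3:
        raise ValueError("length indicator does not match frame")
    sio = frame[3]
    (label,) = struct.unpack_from("<I", frame, 4)  # 32 bits, little-endian
    return {
        "type": "MSU",
        "service": SERVICE.get(sio & 0x0F, "other"),
        "network_indicator": sio >> 6,
        "dpc": format_pc(label & 0x3FFF),          # bits 0-13
        "opc": format_pc((label >> 14) & 0x3FFF),  # bits 14-27
        "sls": label >> 28,                        # bits 28-31
        "payload": frame[8:],
    }

def screen(frame, allowed_opcs):
    """Hypothetical link check: pass only MSUs from expected origins."""
    msu = parse_msu(frame)
    return msu["type"] != "MSU" or msu["opc"] in allowed_opcs

if __name__ == "__main__":
    # Constructed sample: SCCP message from 4-20-3 to 2-100-1.
    sample = build_msu(4897, 8355, 5, si=3, ni=0, payload=b"\x09\x00\x03")
    print(parse_msu(sample))
    print("accepted:", screen(sample, {"4-20-3"}))
```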

