Thursday, September 23, 2021

Everything about Signalling System 7(SS7)

Must Read

Brave browser disables Google’s FLoC ad-tracking technology

Brave, a Chromium-based browser, has removed FLoC, Google's controversial alternative identifier to third-party cookies for tracking users across websites.Brave...

Attacks are rising in all sectors and It’s types

DDoS, net application, bot, along with other attacks have jumped exponentially in comparison to the first half of 2019,...

Hacktivists target many Sri Lankan domains, including

A group of Hacktivists poisoned the DNS records of several Sri Lankans (.lk) websites on Saturday and redirected users...

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN). In the SS7 network, Nodes are known as signaling points.

SS7 is a set of rules that are used to the smooth working of a telephony signaling system. It may also be called Signalling System No. 7, SS7, or SS7 is often referred to as Common Channel Signaling System 7 (CCSS7) in North America.

What are Signaling System 7(SS7) attacks?

SS7 attack is an exploit that takes advantage of a security weakness in the SS7(Signalling System 7) to theft data, eavesdropping, text interception, and location tracking.

SS7 attack is a type of cyber attack that uses a security flaw in the SS7 protocol to compromise and capture voice and SMS communications on a mobile network. 

SS7 Regulates the Network Infrastructure

The SS7 network handles all the routing decisions and supports all telephony services such as 800 numbers, call forwarding, caller ID, and local number portability (LNP). The voice switches that carry the telephone conversations are known as “service switching points” (SSPs). The SSPs query “service control point” (SCP) databases using packet switches called “signal transfer points” (STPs).

The SS7 include the following services:

  • call setup, management, and teardown
  • call forwarding
  • automated voicemail
  • Wireless services such as personal communications services (PCS), wireless roaming, and mobile subscriber authentication
  • call waiting
  • conference calling
  • Local number portability (LNP
  • Billing
  • toll-free (800 and 888) and toll (900) calls
  • SMS
  • mobile phone roaming and tracking
  • Efficient and secure worldwide telecommunications

Detection and Mitigations

Network Operators may be able to use firewalls to detect and block SS7 exploitation as described by the Communications, Security, Reliability, and Interoperability Council (CSRIC). 

For text messages, avoiding SMS and instead of using encrypted messaging services such as Apple’s iMessage, Facebook’s WhatsApp or the many others available will allow you to send and receive instant messages without having to go through the SMS network, protecting them from surveillance.

Billions of mobile phone users worldwide, the risk of you being targeted for surveillance by cyber-criminals is probably small.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

Apple Releases patches for an actively exploited zero-day flaw in ios, macOS

Apple on Monday Release an urgent security patch for iOS,macOS, iPadOS, to address a zero-day flaw that has been actively exploited.Apple has revealed that...

More Articles Like This