August 14, 2022
SS7 min 1

Signaling System 7 (SS7) is a global signaling network created and maintained by telecommunications operators to coordinate the functions of diverse and large networks.

What is a Signaling System 7 (SS7)?

Signaling System 7 (SS7) is a protocol that controls and regulates the telecommunication network internationally. In the SS7 network, Nodes are known as signaling points.

SS7 is a set of rules that are used for the smooth working of a telephony signaling system. It may also be called Signalling System No. 7, SS7, or SS7 is often referred to as Common Channel Signaling System 7 (CCSS7) in North America.

The most common type of signaling system is Signaling System 7 (SS7). SS7 is a set of standards that define how information is exchanged between telephone networks.

SS7 is used to set up and tear down telephone calls, as well as to provide other services such as number portability and SMS.

SS7 is a complex system, and it can be difficult to understand all of the different concepts involved. However, it is important to have a basic understanding of how SS7 works to troubleshoot problems that may occur on your network.

If you are responsible for managing a telecommunications network, it is essential that you have a good understanding of signaling systems and how they work.

It was first developed in 1975 and has since been updated several times. It is currently the most widely used signaling protocol in the world.

What are Signaling System 7(SS7) attacks?

SS7 attack is one of the types of attack that takes advantage of a security weakness in the SS7(Signalling System 7) to theft data, eavesdropping, text interception, and location tracking.

Hackers can read text messages, listen to phone calls, and track mobile phone users’ locations with just the knowledge of their phone number using a vulnerability in the worldwide mobile phone network infrastructure that is the SS7 Protocol.

In recent years, hackers have found ways to exploit SS7 vulnerabilities. Experts have been warning about potential weaknesses in the protocol architecture for years. 

In 2017, a mobile phone provider in Germany confirmed that hackers were able to siphon money from bank customers through an SS7 exploit.

So, Yes SS7 can be hacked, it will require access, preparation, knowledge, and a lot of money to buy access. So it is a difficult task to hack But surely it is possible to do that.


How does anyone get access to an SS7 network?

These are the Entry points in an SS7 network :

  • Peer relationship between operators
  • STP connectivity
  • SIGTRAN protocols
  • VAS systems e.g. SMSC, IN
  • Signaling Gateways, MGW
  • SS7 Service providers (GRX, IPX)
  • GTT translation
  • ISDN terminals
  • GSM phones
  • LIG (Legal Interception Gateway)
  • 3G Femtocell
  • SIP encapsulation

Privacy, data protection, and legal aspects of SS7

SS7 is used by nearly all telecommunications providers and is necessary for the proper functioning of many modern-day communications systems.

While SS7 is a very important protocol, it has also been the subject of some controversy in recent years. This is due to the fact that it can be used to collect data from phone calls and text messages without the user’s knowledge or consent.

There have been a number of high-profile cases in which criminals have used SS7 to eavesdrop on conversations or track the location of targets.

Despite its potential for misuse, SS7 is still an essential part of the modern telecommunications infrastructure.

SS7 Regulates the Network Infrastructure

SS7 is a set of protocols allowing phone networks to exchange the information needed for passing calls and text messages between each other and to ensure correct billing. It also allows users on one network to roam on another, such as when traveling in a foreign country.

The SS7 network handles all the routing decisions and supports all telephony services such as 800 numbers, call forwarding, caller ID, and local number portability (LNP). 

The voice switches that carry the telephone conversations are known as “service switching points” (SSPs). The SSPs query “service control point” (SCP) databases using packet switches called “signal transfer points” (STPs).

The Service Control Point databases provide static information such as the services a customer has signed up for and dynamic information such as ever-changing traffic conditions in the network. 

Because the signaling network is separate, a voice circuit is not tied up until a connection is made between both parties.

Over time, SS7 evolved into a powerful set of protocols that include the following services:

  • call setup, management, and teardown
  • call forwarding
  • automated voicemail
  • Wireless services such as personal communications services (PCS), wireless roaming, and mobile subscriber authentication
  • call waiting
  • conference calling
  • Local number portability (LNP
  • Billing
  • toll-free (800 and 888) and toll (900) calls
  • SMS
  • mobile phone roaming and tracking
  • Efficient and secure worldwide telecommunication.

Detection and Mitigations of SS7

Network Operators may be able to use firewalls to detect and block SS7 exploitation as described by the Communications, Security, Reliability, and Interoperability Council (CSRIC). 

For text messages, avoiding SMS and instead of using encrypted messaging services such as Apple’s iMessage, Facebook’s WhatsApp or the many others available will allow you to send and receive instant messages without having to go through the SMS network, protecting them from surveillance.

With billions of mobile phone users worldwide, the risk of you being targeted for surveillance by cyber-criminals is probably small.

Nothing is hack-proof, however, and their success will likely be on a network-by-network basis. Reportedly, recent security testing of SS7 by an operator in Luxembourg took Norway’s largest network operator offline for over three hours due to an “unexpected external SS7 event”.

Signalling System 7(SS7) Vulnerabilities

How can you protect yourself with SS7?

With the recent news of several high-profile data breaches, many people are wondering how they can protect themselves from being hacked. One of the most common ways that hackers gain access to people’s personal information is through a process called “signaling system 7” or “SS7.”

SS7 is a system that is used by telephone companies to route calls and texts between different networks. However, it has been found to be vulnerable to hacking. This is because the system does not require authentication, meaning that anyone with access to the system can intercept calls and texts.

There are steps you can take to protect yourself from being hacked through SS7. First, avoid using public Wi-Fi networks to make calls or send texts. This is because hackers can easily intercept signals on these networks. Second, stay informed about the latest security threats and updates so you can be proactive about protecting your personal information.

Can you get into trouble for doing an SS7 hack?

If it’s an actual SS7 hack, then it depends on what you do. If you re-route SMS or phone calls, and if you’re not the government, then it’s extremely illegal. If it’s a simple HLR query that looks up the IMSI, then no that’s not illegal/You use SS7 to spy on people, then it’s a gray zone.

It all depends On What act you have done in SS7. If you use SS7 to resolve mobile number portability by querying the IMSI (which contains MCC/MNC) over SendRoutingInfoForSM, the likely hood of getting into trouble is very low as this is kind of a legitimate query and unless you are doing millions of them per day, you don’t create issues.

If you kick users out of the network, read their SMS, redirect their calls, create fake calls, or do DDOS against an operator, you are asking for trouble. Most operators and signaling providers keep logs of their signaling traffic and thus can track down the packets back to the origin, one hop at a time.

Depending on the severity you might have done in SS7 result in a complaint, a disconnection, or a legal case and/or jail Against you.

Leave a Reply

Your email address will not be published.