Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN). In the SS7 network, Nodes are known as signaling points.
SS7 is a set of rules that are used to the smooth working of a telephony signaling system. It may also be called Signalling System No. 7, SS7, or SS7 is often referred to as Common Channel Signaling System 7 (CCSS7) in North America.
What are Signaling System 7(SS7) attacks?
SS7 attack is an exploit that takes advantage of a security weakness in the SS7(Signalling System 7) to theft data, eavesdropping, text interception, and location tracking.
SS7 attack is a type of cyber attack that uses a security flaw in the SS7 protocol to compromise and capture voice and SMS communications on a mobile network.
SS7 Regulates the Network Infrastructure
The SS7 network handles all the routing decisions and supports all telephony services such as 800 numbers, call forwarding, caller ID, and local number portability (LNP). The voice switches that carry the telephone conversations are known as “service switching points” (SSPs). The SSPs query “service control point” (SCP) databases using packet switches called “signal transfer points” (STPs).
The SS7 include the following services:
- call setup, management, and teardown
- call forwarding
- automated voicemail
- Wireless services such as personal communications services (PCS), wireless roaming, and mobile subscriber authentication
- call waiting
- conference calling
- Local number portability (LNP
- toll-free (800 and 888) and toll (900) calls
- mobile phone roaming and tracking
- Efficient and secure worldwide telecommunications
Detection and Mitigations
Network Operators may be able to use firewalls to detect and block SS7 exploitation as described by the Communications, Security, Reliability, and Interoperability Council (CSRIC).
For text messages, avoiding SMS and instead of using encrypted messaging services such as Apple’s iMessage, Facebook’s WhatsApp or the many others available will allow you to send and receive instant messages without having to go through the SMS network, protecting them from surveillance.
Billions of mobile phone users worldwide, the risk of you being targeted for surveillance by cyber-criminals is probably small.