Understanding Signaling System 7 (SS7)
The Signaling System 7 (SS7) is a set of protocol suite telecommunication networks used to share information across the global public switched telephone network (PSTN). It was developed in the 1980s and has been used ever since. The SS7 protocol is crucial to the functioning of telecom networks, as it helps to set up and end voice calls, data transfers, and other network services. However, over its use since its inception, security flaws in the SS7 protocol have been identified which enable hackers to execute a range of many virtualattacks.
These vulnerabilities can be exploited by attackers enabling them to carry out data theft, eavesdropping and location tracking of mobile phone users. One of the most common methods used is known as the MITM or man-in-the-middle attack. In this method, the attacker intercepts the SS7 signal between two telecom switches and then relays the signal to its intended destination. However, the attacker can also modify the signal, allowing them to intercept and steal sensitive information.
Another method used in SS7 attacks is known as home location register (HLR) hijacking where, the attacker gains access to the HLR, which is the central database used by the telecom network to manage subscriber information, including phone numbers, location, and call routing information. By gaining access to the HLR, the attacker can redirect calls and text messages to their device and intercept sensitive information.
The SS7 attack is a technique developed in regard to several well-publicized incidents. Out of many, one such example can be referred to in the year 2016 when cybercriminals used this type of attack to fetch money from a German bank of accounts. Even the attackers were able to access messages sent by the bank to confirm transaction details in order to use them for authorizing fake transfers. The above actions by the hackers result in losing millions of euros to German banks.
In some cases, these attacks are politically motivated as was in the case of Ukrainian politicians, journalists, and military personnel whose phone calls were intercepted by the attackers to listen to their calls, steal their personal information, and track their location. This attack was part of a geo-political campaign as state-backed Russian hackers tried to destabilize the Ukrainian government.
Out of different types of SS7 attacks which mainly include:
Location Tracking.: It is the most popular type of SS7 attack. By exploiting the SS7 vulnerability, hackers can locate a mobile phone anywhere in the world for tracking the phone’s movement as well as intercepting of text messages and even eavesdropping phone calls.
Denial of Service (DoS) Attack: This attack is usually generated to disrupt the normal functioning of the mobile network. By exploiting the SS7 vulnerability, hackers can overload the network with fake signaling messages which often lead to a DoS attack.
Fraudulent Activities: Fraudulent activities such as making unauthorized purchases, accessing bank accounts and stealing sensitive information are also done by hackers through SS7 attacks.
One of the most significant advantages an attacker has in an SS7 attack is that it can be carried out silently, without the victim’s knowledge thereby enabling an attacker to steal sensitive information without the victim ever realizing it.
There have been several real-life incidents of SS7 attacks happening across the globe over the years, with varying levels of impact and severity. Here are some examples:
- German Chancellor Angela Merkel’s phone was reportedly hacked using SS7 in 2013. The attackers were able to intercept and listen to her calls and read her text messages.
- In 2016, researchers from Positive Technologies demonstrated how easy it was to exploit SS7 vulnerabilities to intercept and redirect text messages and calls, in a live demo that involved intercepting a text message sent by a US Senator.
- In 2017, a group of hackers known as the SS7 Hackers claimed responsibility for a series of attacks on banks in Germany. The attackers were able to bypass two-factor authentication measures by intercepting and redirecting messages sent to the victims’ phones.
- In 2018, a security researcher demonstrated how he was able to intercept and redirect calls made to his own phone number, using SS7 vulnerabilities.
There have been several reported incidents of SS7 attacks in India as well. Here are some examples:
- As reported in 2017 that Indian politicians, including the Chief Minister of West Bengal, were targeted by hackers using SS7 vulnerabilities. The attackers were able to intercept and listen to their phone conversations.
- As reported in 2018, SS7 attacks were generated by several cyber criminals to steal money from the bank accounts of several Indian Nationals. The attackers were able to intercept the victims’ one-time passwords (OTP) and send messages to them for carrying out fraudulent transactions.
- In 2019, a security researcher from India demonstrated how he was able to use SS7 vulnerabilities to intercept and listen to phone conversations and read text messages of an Indian mobile number in real-time.
- As reported in 2020, a group of cybercriminals had used SS7 attacks by not even sparing a high government official to fetch money from his bank account and including several other Indian nationals.
How can the SS7 attack be prevented?
Preventing the SS7 attack is challenging since it requires fixing vulnerabilities in the SS7 protocol itself. However, there are some measures that can be taken to reduce the risk of an SS7 attack.
One of the most effective measures is to use two-factor authentication (2FA) for all online accounts. 2FA requires users to enter a second form of authentication, such as a code sent to their phone, in addition to their password. This makes it much harder for attackers to gain access to online accounts, even if they can intercept text messages.
Another measure is to use a virtual private network (VPN) when using public Wi-Fi networks. A VPN encrypts all internet traffic, making it much harder for attackers to intercept and manipulate data.
Stronger authentication and authorization procedures to adjudge prevention of SS7 Attacks by telecommunications companies are the need of the day.
In the conclusion, it is to be noted that the SS7 attack is a significant threat to the privacy and security of mobile phone users. To protect against the SS7 attack, individuals and organizations should use end-to-end encryption, two-factor authentication, and other security measures. To protect their networks from SS7 attacks, telecom companies need to take steps, including the updation of the protocol and implementation of stronger authentication measures. By taking these steps, we can reduce the risk of the SS7 attack and ensure the privacy and security of the telecommunication and banking sector as a whole.
How do SS7 attacks work?
SS7 (Signaling System 7) attacks are a type of telecom fraud that targets the core network of a telecommunications company. SS7 is a global standard for telecommunications signaling that is used to control the setup and routing of voice and data communications over the public switched telephone network (PSTN).
Attackers use SS7 attacks to intercept and redirect voice and text messages sent over the cellular network, allowing them to steal sensitive information like account credentials, personal identification numbers (PINs), and other confidential data.
To execute an SS7 attack, an attacker needs to have access to the SS7 network, which is typically restricted to telecom operators. However, attackers can gain access to the SS7 network through social engineering or by exploiting vulnerabilities in network equipment or software.
What is the difference between OSI and SS7?
The OSI (Open Systems Interconnection) model and SS7 (Signaling System 7) are both frameworks for communication protocols, but they differ in their scope and focus.
Is SS7 still in use?
Yes, SS7 (Signaling System 7) is still in use in many telecommunications networks around the world. Although the SS7 protocol was developed in the 1970s, it has undergone several revisions and updates over the years to improve its security and functionality.
Is it possible to hack SS7?
Yes, it is possible to hack SS7 (Signaling System 7) and exploit its vulnerabilities. SS7 has been subject to several security vulnerabilities and attacks in the past, including interception of calls, SMS spoofing, and location tracking.