SS7 min 1

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is a protocol that controls and regulates the telecommunication network internationally. In the SS7 network, Nodes are known as signaling points.

SS7 is a set of rules that are used to the smooth working of a telephony signaling system. It may also be called Signalling System No. 7, SS7, or SS7 is often referred to as Common Channel Signaling System 7 (CCSS7) in North America.

It was first developed in 1975 and has many versions. Most networks use protocols defined by the American National Standards Institute and the European Telecommunications Standards Institute.

What are Signaling System 7(SS7) attacks?

SS7 attack is one of the types of attack that takes advantage of a security weakness in the SS7(Signalling System 7) to theft data, eavesdropping, text interception, and location tracking.

Hackers can read text messages, listen to phone calls, and track mobile phone users’ locations with just the knowledge of their phone number using a vulnerability in the worldwide mobile phone network infrastructure that is SS7 Protocol.

In recent years, hackers have found ways to exploit SS7 vulnerabilities. Experts have been warning about potential weaknesses in the protocol architecture for years. 

In 2017, a mobile phone provider in Germany confirmed that hackers were able to siphon money from bank customers through an SS7 exploit.

So, Yes SS7 can be hacked, it will require access, preparation, knowledge, and a lot of money to buy access. So it is a difficult task to hack But surely it is possible to do that.


How does anyone get access to an SS7 network?

These are the Entry points in an SS7 network :

  • Peer relationship between operators
  • STP connectivity
  • SIGTRAN protocols
  • VAS systems e.g. SMSC, IN
  • Signaling Gateways, MGW
  • SS7 Service providers (GRX, IPX)
  • GTT translation
  • ISDN terminals
  • GSM phones
  • LIG (Legal Interception Gateway)
  • 3G Femtocell
  • SIP encapsulation

SS7 Regulates the Network Infrastructure

SS7 is a set of protocols allowing phone networks to exchange the information needed for passing calls and text messages between each other and to ensure correct billing. It also allows users on one network to roam on another, such as when traveling in a foreign country.

The SS7 network handles all the routing decisions and supports all telephony services such as 800 numbers, call forwarding, caller ID, and local number portability (LNP). 

The voice switches that carry the telephone conversations are known as “service switching points” (SSPs). The SSPs query “service control point” (SCP) databases using packet switches called “signal transfer points” (STPs).

The Service Control Point databases provide static information such as the services a customer has signed up for and dynamic information such as ever-changing traffic conditions in the network. 

Because the signaling network is separate, a voice circuit is not tied up until a connection is made between both parties.

Over time, SS7 evolved into a powerful set of protocols that include the following services:

  • call setup, management, and teardown
  • call forwarding
  • automated voicemail
  • Wireless services such as personal communications services (PCS), wireless roaming, and mobile subscriber authentication
  • call waiting
  • conference calling
  • Local number portability (LNP
  • Billing
  • toll-free (800 and 888) and toll (900) calls
  • SMS
  • mobile phone roaming and tracking
  • Efficient and secure worldwide telecommunication.

Detection and Mitigations of SS7

Network Operators may be able to use firewalls to detect and block SS7 exploitation as described by the Communications, Security, Reliability, and Interoperability Council (CSRIC). 

For text messages, avoiding SMS and instead of using encrypted messaging services such as Apple’s iMessage, Facebook’s WhatsApp or the many others available will allow you to send and receive instant messages without having to go through the SMS network, protecting them from surveillance.

Billions of mobile phone users worldwide, the risk of you being targeted for surveillance by cyber-criminals is probably small.

Nothing is hack-proof, however, and their success will likely be on a network-by-network basis. Reportedly, recent security testing of SS7 by an operator in Luxembourg took Norway’s largest network operator offline for over three hours due to an “unexpected external SS7 event”.

Signalling System 7(SS7) Vulnerabilities

Can you get into trouble for doing an SS7 hack?

If it’s an actual SS7 hack, then it depends on what you do. If you re-route SMS or phone calls, and if you’re not the government, then it’s extremely illegal. If it’s a simple HLR query that looks up the IMSI, then no that’s not illegal/You use SS7 to spy on people, then it’s a gray zone.

It all depends On What act you have done in SS7 like If you use SS7 to resolve mobile number portability by querying the IMSI (which contains MCC/MNC) over SendRoutingInfoForSM, the likely hood of getting into trouble is very low as this is kind of a legitimate query and unless you are doing millions of them per day, you don’t create issues.

If you kick users out of the network, read their SMS, redirect their calls, create fake calls, or do DDOS against an operator, you are asking for trouble. Most operators and signaling providers keep logs of their signaling traffic and thus can track down the packets back to the origin, one hop at the time.

Depending on the severity you might have done will SS7 result as a complaint, a disconnection, or a legal case and/or jail Against you.

Leave a Comment

Your email address will not be published. Required fields are marked *