Home Digital Marketing Vulnerabilities in the SS7 protocol

Vulnerabilities in the SS7 protocol


With everyone relying on their cell phones these days it’s pretty hard to imagine a world without telecommunication. People who are familiar with online shopping, online banking or online payments are used to one-time temporary passwords deployed for identity confirmation. The security indulged in this authentication method is based merely on restricting authorization to telecommunication networks.

What is SS7?

The SS7 (Signaling System 7) network was found decades ago when only government telecommunication companies were able to use it. People were unaware of its uses and how it could be exploited. But today the world is full of attackers and hackers, exploiting the ss7 vulnerability of the network.

Are these threats to be taken seriously by mobile operators? What are hackers actually capable of doing once they get into the network? Let’s have a look at what can be done in the majority of mobile networks:

Types of SS7 attacks caused by vulnerabilities:

  • Denial of Service Attack: A DoS is an attack where a malicious attacker can bring down the mobile network for not only a specific subscriber but it can be for the complete network (GSMA Category 2 and 3 vulnerabilities).
  • Geolocation: In this type of attack, a hacker can know the location of your cell phone at any given point, using your number, unless your cell phone is switched off (GSMA Category 1 and 2 vulnerabilities).
  • Call Interception: In this particular attack, the attacker can intrude and record calls from a subscriber, without the knowledge of that particular subscriber (GSMA Category 2 vulnerability).
  • Payment Fraud: A malicious attacker can intercept and record calls from a subscriber. The attackers can use some of Unstructured Supplementary Service Data (USSD) codes. They can use the codes to transfer money from the user’s account and can remove any trace of the transaction made.
  • Whole SMS Fraud: An attacker can use the mobile operator’s network to terminate or relay a huge amount of wholesale SMS messages. Some of these acts can continue for years without being noticed. Despite the fact that SMS firewalls are used by mobile operators for the protection of their networks, the smart attackers are still able to evade these firewall defenses.

How is it possible?

What has changed in the last decade which promoted the exploitation of the network? Well, each operator that your SS7 network is connected to, in turn, is connected to various different third parties. These third parties are unregulated and unsupervised such as MVNOs, SMS aggregators, OTT players etc. In certain networks the number of third parties involved could reach up to a hundred, making it impossible to supervise what kind of messages are being sent and where.

In order to understand how it works let us take an example. You are an operator in country A“open” for roaming purposes with country B. But country B could have a service provider (third party) connected to its network in, let’s say, country C with malicious attackers. You can get attacked by someone in country C without noticing it. You could never know about it and that can leave your subscribers exposed.

What is being done?

However, security measures are being taken to avoid any intrusion. Some operators even opt for SS7 Cloud Scanner which tests any new STP or firewall rules on their own. It will require regular security analysis, network maintenance and timely detection of unauthorized activities to ensure a higher level of protection against criminals.


Please enter your comment!
Please enter your name here

4 × 4 =