How to Protect your Organization from an SS7 Hack
While SS7 vulnerabilities first made headlines several years ago, not much has changed in the intervening period of time and the vulnerabilities have not been mitigated. In fact, the threats posed and the number of SS7 hacks has proliferated.
Signaling System 7 or SS7 is the international telecommunications standard that routes calls, text messages and other services across cellular networks. The vulnerabilities inherent in SS7 enable access to mobile networks; providing criminals, hackers and government organizations with just a bit of know how the ability to redirect calls and messages as well as listen in and record phone calls and text messages.
Interestingly, while some carriers have upgraded their systems to 3G and 4G, providing encryption between devices and the cell tower, once the signal hits the cell tower, it is converted to wireline, and as it traverses the networks, it is no longer encrypted and travels in the clear. While encryption between devices and cell towers mitigates interception to some degree (by securing calls or messages between phones and the tower), it by no means ensures calls are secure, nor does it protect SS7 from hacks.
SS7 Vulnerabilities Gaining Attention
Recently, on March 17, 2015, Senator Ron Wyden (OR) and Representative Ted Lieu (CA) wrote a letter to the Department of Homeland Security, outlining the vulnerabilities and requesting the SS7 network receive attention.
They write, “U.S. cellular phones can be tracked, tapped, and hacked—by adversaries thousands of miles away—through SS7-enabled surveillance.” They further elaborate, “We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance.”
An FCC working group, the Communications Security, Reliability and Interoperability Council V (CSRIC) Working Group, created to study mobile networks and develop recommendations to mitigate risks published its final report in March 2017, Legacy Systems Risk Reductions.
The report notes, “When making a call using a landline or mobile phone, the call is not encrypted end-to-end. Most mobile phones do use some form of encryption over the air interface between the mobile device and the towers. However, the call is delivered “in the clear” as it traverses the network and is vulnerable to interception using the techniques that have been described earlier in the Risk Assessment Report. End to end encryption means that the data is encrypted at the source device with a user specific key and delivered to the end device where it is decrypted using the same key.” It goes on, “There are a number of such applications available on the market today, but the consumer needs to be wary that they are using an application that truly encrypts end to end.”
Hacking SS7 Networks
One of the challenges with SS7-based attacks is that attacks easily go undetected since there is generally no way to identify an attack. While all are confident that SS7 hacks have been going on for decades, a recent SS7- hack gained prominent media attention for the first time – because the hackers redirected two-factor authentication (2FA) text messages, enabling them to withdraw funds as unauthorized users from the victims’ back accounts.
Securing Calls and Messages from SS7 Hacks
With Politicians paying attention to SS7 vulnerabilities, and calling on the industry to repair the network, coupled with the media attention SS7 exploits are garnering, we can only hope that we will begin to see a difference in securing our phone calls and text messages. However, until the networks are truly secure, it remains the responsibility of the users themselves to utilize end-to-end encryption to ensure their phone calls and text messages receive the security and privacy necessary.
Looking for more information on encrypted calls and messaging? We’ll be happy to evaluate your encryption needs and assist in finding the best solution for you to combat SS7 hacks and other attacks on calls and messages.