SS7 Mobile Network Vulnerabilities you Need to Know About

Unfortunately, mobile networks are vulnerable to attack and criminals, hackers, foreign governments and many others gain access to mobile networks to listen in and record phone calls and text messages.

In 2014, German researchers discovered a security risk enabling hackers, criminals and others to intercept mobile phone calls and text messages. They, and many others since, have demonstrated that surveillance can take place from anywhere in the world with relative ease.

What is SS7 and Why is it Vulnerable?

Signaling System 7 (SS7) is the international telecommunications standard dating to the 1980s and used globally to routes calls, texts and other services across cellular networks. Since mobile users are mobile – calls need to continuously move transparently between cell towers and networks, without dropping or decreasing in quality. SS7 is what makes this possible – and the ‘tools’ that make it possible are the same ‘tools’ that inherently make it vulnerable to attackers.

When SS7 was originally designed, there were far fewer mobile networks, and SS7 was based on mutual trust between the interconnecting operators. Few had access to SS7, and those few trusted each other to play by the rules. This enabled the ease which we continue to experience today as calls flow seamlessly between networks. As mobile evolved, thousands more network operators were established. What was once an intimate circle, where mutual trust could exist, is no longer feasible. Thus, we are at a crossroads, with multitudes of operators part of a global system used by those who were never intended to have access to it – some for nefarious purposes.

To refer to the exposure as a ‘flaw’ that enables eavesdropping attacks is a mischaracterization of SS7. SS7 delivers what it was designed to deliver: interoperability and seamless, transparent access, to enable calls to flow easily between networks. SS7 works as designed, as is observable every time passengers instinctively grab and turn on their phones immediately upon landing on an international flight. Within seconds, phones start buzzing with the incoming texts and phone calls. Global roaming is ubiquitous and seamless in today’s age.

Since the purpose of SS7 is to connect all mobile networks across the globe seamlessly, anyone with access to any SS7 entrypoint can eavesdrop on phones calls or text messages that are routed over the network. Thus, attackers are not constrained by geographic proximity. If an attacker gains access to SS7 in Africa or Asia, the attacker can access phone calls that are made between users in Mexico, the United States or Europe.

According to the US Department of Homeland Security (DHS), “Gaining unauthorized access to the core SS7 or Diameter network is a risk since there are tens of thousands of entry points worldwide, many of which are controlled by countries or organizations that support terrorism or espionage.”

What about 4G and 5G?

Some carriers have upgraded their systems to 4G, and eventually to 5G, providing a degree of encryption between devices and the cell tower. However, once the signal hits the cell tower, it is converted to wireline, and is no longer encrypted as it traverses the networks. While encryption between devices and cell towers mitigates interception between phones and the tower, it by no means ensures calls are secure, nor does it protect SS7 from hacks. The signal, whether a voice phone call or a text message travels in the clear “between the towers” even on the strongest networks.

Surveillance in Mexico

Mexico is one of the most advanced countries when it comes to surveillance and the Mexican Government was among the first known purchasers of surveillance technology that exploits SS7 vulnerabilities to enable spying on calls and text messages– all performed silently, without the person ever being aware that their communications are being intercepted.

What you can do to Secure your Calls and Messages from SS7 Vulnerabilities

Unfortunately, it does not look like SS7 vulnerabilities will be fixed anytime soon. The technological revolution we are experiencing will continue to meet demands for ever improved services, increased speed and performance and billions of new connected devices. Even though legacy SS7 technology will slowly be replaced by Diameter over the next decade, the upgrade will not address the fundamental design principles of reliability and interoperability in this increasingly global and connected world. Of consequence, the same kind of security and surveillance exposure will exist with Diameter and will be with us for years to come.

The only solution? Do not rely on or trust any network to provide the security and encryption. Encrypt, encrypt, and encrypt yourself by implementing strong, end-to-end (E2E) encryption for all calls and texts. Through the application of properly implemented E2E encryption, the content of communications are no longer at risk to surveillance.

Many applications today provide some form of encryption, but not all solutions provide the same quality and level of protection. It is important to use a solution that is truly end-to-end, easy and intuitive to use, and provides high quality audio. TrustCall is one such app widely available in Mexico and throughout the world. TrustCall provides E2E encryption protecting phone calls and text messages, ensuring that no one other than the initiator and intended recipient can hear the call or read the text message. TrustCall is supported on Android and iPhone, and easy to use, allowing one to use it securely for all communications – whether talking to friends, family, business colleagues, customers or others.

Contact KoolSpan to find out how you can easily encrypt your communications and protect your calls and text messages from SS7 threats.

Elad Yoran

Elad Yoran is Executive Chairman of KoolSpan, CEO of Security Growth Partners (SGP) and Associate Adjunct Professor at Columbia University School of International and Public Affairs (SIPA). He is a 20+ year cybersecurity executive and entrepreneur, among other things having founded and led many foundational cyber companies. He serves as director at Infinidat as well as on several government and industry boards including the Army Cyber Institute, the Cloud Security Alliance, and previously, the FBI IT Advisory Council. Elad is the author of many articles going back to the original Internet Security Threat Report research papers. Elad’s cybersecurity entrepreneurial experience, for which he was honored as “Entrepreneur of the Year” by E&Y, includes Riptech, acquired by Symantec; MediaSentry, acquired by SafeNet; Sentrigo, acquired by McAfee; Vaultive, acquired by CyberArk and others. Previously, Elad served as VP Global Business Development at Symantec. In addition, Elad was a strategic investor and director/advisor to Red Owl Analytics, acquired by Forcepoint; NetWitness, acquired by RSA; ThreatGrid, acquired by Cisco; and Insightix, acquired by McAfee. Previously, Elad served as a US Army officer and is a veteran of Operation Restore Hope in Mogadishu, Somalia. He is a graduate of the Wharton School and West Point.