Last week we went over the security risk related to vulnerabilities in the SS7 protocol. Long story short: if you don't like your calls and messages being listened to and read by anyone, and prefer your bank account not to be drained, this concerns you. So, let’s take a look at the ways this type of hacking can be prevented.
Signalling System 7 (which is what SS7 stands for) is a set of networking protocols, connecting over 800 network operators worldwide. It is basically the glue that brings together the networks of different carriers and countries. It is the thing that allows you to always connect to the nearest cell tower, regardless if it is run by your carrier or a competitor, making roaming possible as well.
SS7 is designed to allow networks operating in accordance with different standards to talk to each other. This includes security standards. And as you can guess, networks in the USA operate differently than ones in Europe. Add South America, Asia, Australia and Africa to the mix and you get an idea of the compatibility mess. The conventional wisdom is that a security system is only as strong as its weakest link. This one has many.
What is being done to patch SS7 vulnerabilities?
Because of the many entry points and the dated security concepts (SS7 has hardly been updated since the 1970s), it is rather easy to hack into. All one needs is a computer, Linux OS, an SS7 SDK, and a target’s phone number. On, you can monitor a person's location, listen to their calls, and read their text messages. Last year, the gravity of the situation was brought home by a TV report that saw journalists do just that to US Congressman Ted Lieu. He has since called for the holes in SS7 to be patched.
Right now, the system handles any request to relay an SMS message or a phone call as though it is coming from a legitimate operator. Often it does – SS7 links over hundreds of operators from around the globe, so it has been designed not to discriminate. But it doesn’t discriminate hackers as well. One way to fix the issue is to introduce firewalls and filters. According to Karsten Nohl of Germany-based Security Research Labs, this will address most real-world attacks happening right now.
Still, given the complexity of SS7, it is possible that a firewall might block legitimate requests. Because of that, other experts are calling for introducing encryption to the protocol. But this would require practically rewriting SS7 from scratch – which, in turn, will introduce compatibility issues. In other words, you shouldn’t hold your breath and expect communication experts to make SS7 safe for you.
What can you do to prevent being hacked through SS7?
This is a truly hard question, given that all attackers need is your phone number. Hiding it makes no sense – you need it for work, to make business contacts, etc. It’s public information. As far as tracking your location goes, you can be sure that while your phone is on you, network operators can verify your location – by pinging cell towers. And so do people who have hacked into SS7.
What you can do, however, is to make sure all incoming and outgoing traffic is encrypted. Forget about regular phone calls, SMS text messages, and plain emails. They use either weak encryption or none at all. Instead, you should use services that offer end-to-end encryption (communications get encrypted on your device and decrypted only on the receiver’s end).
However, keep in mind that on the market for communications services, end-to-end encryption is the new black. It is part of pretty much every app right now, but not a solution by itself. There are ways to bypass encryption, and you should look for software that is designed to prevent such attacks as well. This is what we specialize in.