Why is SS7 still a security threat?

Signalling System 7 (SS7) is still full of holes – what are operators doing about it asks Kate O’Flaherty?

SS7 is still full of security holes, despite attempts to police the age-old signalling protocol. In 2017, hackers exploited SS7 as part of a two-stage attack designed to drain money from online bank accounts in Germany, using a combination of phishing and call-forwarding. It’s also possible to use SS7 to divert and eavesdrop on calls.

The SS7 protocol is crucial for the exchange of information needed for incoming and outgoing voice calls and SMS communications. Yet attackers can exploit security vulnerabilities in the protocol to enable bigger and increasingly targeted attacks. Controversial surveillance company NSO Group allegedly offered “bags of cash” for access to the world’s mobile networks, according to confidential disclosures to the US Justice Department reviewed by The Washington Post.

The SS7 network is targeted to achieve aims including tracking, information gathering, communications interception and fraud. Attackers come in the form of surveillance companies, nation state adversaries and organised crime groups.

Some of these attacks ware very hard to thwart. Access to the SS7 network will always be sought by spyware vendors, says Cathal Mc Daid, CTO of AdaptiveMobile Security. “Mobile operators must proceed on the assumptions that hostile actors, including surveillance companies, already have access to the SS7 and diameter 4G networks, and will have access to HTTPS 5G networks in the future.”

It’s a major concern, but moves are being made all the time to protect networks from damaging SS7 based attacks. Take the example of Ukrainian operators Kyivstar, Vodafone and Lifecell, which have blocked access to their networks for subscribers in Russia and Belarus in a major SS7 security move.

Mobile operators already use measures such as firewalls to protect SS7, so what else needs to be done?