The Signalling System No 7 (SS7) is a set of telephone signalling protocols that was originally developed in 1975 that are used to setup telephone calls and provides other services including number translation and SMS.
The SS7 protocol is named Common Channel Interoffice Signaling 7 (CCIS7) in the UK and Common Channel Signalling System 7 (CCSS7) in the USA.
The SS7 Hack Vulnerability
If an attacker is able to access the SS7 system then they are able to gain access to the same information that can be gained by the security services which enables the hacker to access text messages and listen to phone calls.
At 31C3, Karsten Nohl introduced the SS7 vulnerability through a side channel attack on UMTS in order to allow the reading of text messages, the identification of the location of the phone as well as scenarios to commit fraud from the access of the data available from the attack.
How Common is the The Use of the SS7 Vulnerability?
SS7 vulnerabilities were published in 2008 that allowed the geographical tracking of mobile phone users and in 2014 is was reported that the movements of a mobile phone can be tracked from virtually anywhere in the world with a 70% success rate.
In 2016, the largest network in Norway experienced instability due to an unusual signaling from another European service operator.
In 2017, O2 confirmed that the SS7 vulnerability had been used to achieve unauthorised withdrawals from bank accounts that was completed by the attackers installing malware on compromised computers that allowed them to collect online banking information, including the users phone numbers that were then redirected to telephone numbers controlled by them that allowed them to log into the victims bank accounts and then transfer money from those accounts.
How to Detect SS7 Vulnerabilities?
The software tool called SnoopSnitch is able to identify when certain SS7 attacks are taking place on a phone and can identify when call interception and other activities are occuring.
A method for the detection of the SS7 vulnerability was published in March 2018 by using the Wireshark and snort network monitoring applications that can be used to trace any malicious devices on the network.
About Athena Forensics
For information on our digital forensic services or if you require any advice or assistance please contact a member of our team on 0845 882 7386 or via email on email@example.com, further details are available on our contact us page.
Our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensics investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.