SS7

Taken from this page

Signaling System No. 7 (SS7) is a set of telephony signaling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services. In North America it is often referred to as CCSS7, abbreviated for Common Channel Signaling System 7. In the United Kingdom, it is called C7 (CCITT number 7), number 7 and CCIS7 (Common Channel Interoffice Signaling 7). In Germany it is often called N7 (Signalisierungssystem Nummer 7). The only international SS7 protocol is defined by ITU-T’s Q.700-series recommendations in 1988. Of the many national variants of the SS7 protocols, most are based on variants of the international protocol as standardized by ANSI and ETSI. National variants with striking characteristics are the Chinese and Japanese (TTC) national variants. The Internet Engineering Task Force (IETF) has defined level 2, 3, and 4 protocols compatible with SS7 which use the Stream Control Transmission Protocol (SCTP) transport mechanism. This suite of protocols is called SIGTRAN.

Protocol Security Vulnerabilities

In 2014, the media reported a protocol vulnerability of SS7 by which non-state actors can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%. In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.  Researchers created a tool (SnoopSnitch) which can warn when certain SS7 attacks occur against a phone and detect IMSI-catchers.

In February 2016, 30% of the network to the largest mobile operator in Norway, Telenor, became unstable due to “Unusual SS7 signaling from another European operator”.

Here is a 60 Minutes video called, “Hacking Your Phone”. The main point to take away from this video is – SS7 vulnerabilities have nothing to do with you or your phone settings, type, etc.; there is nothing you can do. Additionally, vulnerabilities in SS7 seem to be utilized by government organizations that may not necessarily want them plugged.