SIGNALING SYSTEM NUMBER 7

SS7 is a common channel signaling system used in international and local telephone networks. The SS7 protocol is used everywhere, and is the leading protocol for connecting network communication worldwide.

Providing SS7 services since 2017. Trusted by IneedHack.com

What is SS7?

Introduced and adopted in the mid-70s, SS7 (Common Channel Signaling System No. 7 or C7) has been the industry standard since, and hasn’t advanced much in decades. Its outdated security concepts make it especially vulnerable to hackers.

SS7’s success has also, in a way, been its curse, at least when it comes to cyber security. The SS7 protocol is used everywhere, and is the leading protocol for connecting network communication worldwide. Because it is so prevalent, it is used by both intelligence agencies and mobile operators. From a surveillance perspective, it is considerably effective. As such, SS7 is an attacker’s best friend, giving them access to the same surveillance capabilities held by law enforcement and intelligence agencies.

SS7 HACK

SS7 cyberattacks are mobile cyberattacks that exploit security flaws in the SS7 protocol. They compromise and intercept voice, SMS and other communications on a cellular network. Similar to a man-in-the-middle attack, SS7 attacks target mobile phone communications and not Wi-Fi transmissions.

SS7 ATTACKS

SS7 attacks exploit the authentication ability of communication protocols running atop SS7 to eavesdrop on voice and text communications.

The hacker can connect to an SS7 network and target subscribers while fooling the network into believing the hacker's device is a VLR node.

SMS INTERCEPT

The transportation of SMS messages is made possible by SS7. An attacker might be able to register the victim’s MSISDN (mobile number) on a fake MSC.

The victim’s operator’s HLR will serve as a telephone directory for MSISDNs. Operators and SMS service centers (SMSCs) will then set the victim’s new location. For this example, the victim’s bank sends them 2FA authentication tokens.

The MSC then transfers the SMS to the SMSC. When the real SMSC queries the victim’s operator’s HLR about the victim’s location, the HLR responds with the attacker-operated MSC. The SMSC of the real operator then transfers the SMS to the attacker-operated MSC.

The attacker can then obtain the original 2FA token and respond to the victim’s bank authentication prompt.
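From the operator's side, the re-registration described above shows up as a location update that moves a subscriber to a foreign MSC faster than anyone could travel. The following is an added detection sketch, not code from the original page; the event fields, the one-hour threshold and all sample values are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class LocationUpdate:
    """Hypothetical, simplified view of a location update seen at the HLR."""
    ts: int        # seconds since epoch
    imsi: str
    msc_gt: str    # global title of the MSC/VLR claiming the subscriber
    country: str   # country the operator derives from the global title

MIN_TRAVEL_SECONDS = 3600  # assumed minimum time for a real cross-border move

def suspicious_updates(events, min_travel=MIN_TRAVEL_SECONDS):
    """Return updates that relocate a subscriber to another country too quickly."""
    last_good = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        prev = last_good.get(ev.imsi)
        if (prev is not None and ev.country != prev.country
                and ev.ts - prev.ts < min_travel):
            alerts.append(ev)
            continue  # keep the last trusted registration as the baseline
        last_good[ev.imsi] = ev
    return alerts

def sms_route_allowed(imsi, serving_msc_gt, alerts):
    """Hold SMS (for example 2FA codes) if the serving MSC came from a flagged update."""
    return not any(a.imsi == imsi and a.msc_gt == serving_msc_gt for a in alerts)

# Constructed sample events (test-range IMSIs, made-up global titles and countries).
SAMPLE = [
    LocationUpdate(1000, "001010000000001", "10000000001", "AA"),
    LocationUpdate(1300, "001010000000001", "20000000099", "BB"),   # 5 minutes later
    LocationUpdate(1000, "001010000000002", "10000000001", "AA"),
    LocationUpdate(91000, "001010000000002", "20000000050", "BB"),  # 25 hours later
]

if __name__ == "__main__":
    flagged = suspicious_updates(SAMPLE)
    for a in flagged:
        print(f"ALERT imsi={a.imsi} new_msc={a.msc_gt} country={a.country}")
    print(sms_route_allowed("001010000000001", "20000000099", flagged))
```

A velocity check like this is a heuristic: subscribers near a border can trigger it legitimately, so it works best as a signal to hold or step up verification rather than as a hard block.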

CALL INTERCEPT AND REDIRECT

A similar attack can be carried out for call interception. An attacker can use the first part to redirect the victim’s call to their VoIP provider or their IP-PBX (for instance Asterisk), and then handle the call as any other VoIP call.

This attack could also be carried out against other services, such as WhatsApp or other encrypted messaging services. The attacker may be able to redirect WhatsApp enrolment to another device and intercept messages by redirecting them to an attacker-controlled phone.

LOCATION TRACKING

It may be possible to ask a network operator for the LAC (Location Area Code) and Cell ID and get a reasonable location for a victim. This may require prior knowledge of the subscriber’s IMEI (International Mobile Equipment Identity) or IMSI (International Mobile Subscriber Identity). An MSISDN may not suffice to be able to query this information. An attacker may be able to obtain an IMSI by performing an HLR search.