SS7 is a set of protocols used in telecommunications universally ever since the late 1970s, enabling smooth transportation of data without any breaches. Nevertheless, there has been some really troubling news as to the potential cracks in the security of using such protocols in telecommunication brought to light.
In specific, there are several techniques that hackers and snoopers can make use of, in order to eavesdrop and intercept phone calls or written text messages. German researchers have placed the matter to the public for consideration at the Chaos Communication Hacker Congress, since there can be a great many problems emerging.
What is even more disturbing is the fact that carriers of mobile telephony spend large amounts of money towards expanding their network and securing the conditions of communication with 3G and high-end encryption. To quote Tobias Engel, one of the German researchers mentioned above,
“It’s like you secure the front door of the house, but the back door is wide open”.
One of the major incidents registered by NKRZI (which is the National Commission for the State Regulation of Communications and Informatization in Ukraine) involved Russian addresses back in April 2014.
To be more particular, there was a report indicating that quite many Ukrainian holders of mobile phones have been affected by notorious SS7 packets that possibly derived from Russia. As a result, the mobile phone holders were intercepted of their address details and (even scarier) everything that was stored inside each phone. MTS Ukraine obviously participated in the interception, in relation to MTS Russia.
As a direct consequence of security breaches related to SS7 protocols of telecommunication, the eminent threat is none other than the surveillance taking place between different countries.
In avoidance of further weaknesses in the field of telecom, there will be those countries seeking to come up with their own capabilities and this will result in chaos. Even if some try to minimize the effect of SS7 breaches, the problem still remains among the hottest issues in the agenda worldwide. It is true that there needs to be substantial expertise for someone to access SS7 and to proceed with using such data to his benefit.
According to the security firm AdaptiveMobile that has published an analysis on the recent events with the revelations on SS7 problems with Russia and Ukraine, this is indeed an uncharted territory and the danger of intercepting data through SS7 is existent.
Of course, the bright side to the whole grey situation is that it takes technical skills to gain access to the network. Not all the people who try to succeed in monitoring SS7 networks will in fact have positive feedback. Along with that, the proper cooperation of experts aiming at securing the lines will result in the danger being limited.
Written by: Ali Qamar, Founder/Chief Editor at SecurityGladiators.com
Ali Qamar is an Internet security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at Security Gladiators, an ultimate source for cyber security. To be frank and honest, Ali started working online as a freelancer and still shares the knowledge for a living. He is passionate about sharing the knowledge with people, and always try to give only the best. Follow Ali on Twitter @AliQammar57
(Security Affairs – Information Warfare, Intelligence, SS7)