SS7 — THE DEADLIEST ATTACK

Vasanth Vanan
Feb 13 · 5 min read

Smartphones have brought a revolutionary change to telecommunication, and their use extends well beyond what was expected. A recent report says:

Children spend twice as long on smartphones as talking to parents.

This is Terrible! 😱

People use smartphones for almost everything! They make online payments, send social messages, do e-banking and spend hours on seamless phone calls! While all this happens, have you ever stopped for a second to ask whether the data on your smartphone is still safe and secure?

No! All the data on your smartphone is vulnerable to attack!

And this deadliest attack is called “The SS7 Hack Attack”.

Signaling System 7 (SS7) is a protocol used for exchanging data between network devices in the worldwide network infrastructure.

Suppose you are making a phone call (from Carrier A) to a friend who is far away (on Carrier B). This is how your voice messages get transmitted to the other end.

Workflow of the SS7 network

Phone signals reach the base stations through nearby towers and are transmitted to the SS7 network of Carrier A. Every SS7 network has components such as:

  1. HLR (Home Location Register): contains a database with the subscriber’s information, such as phone number, pre-paid contract, and call/text data permissions
  2. VLR (Visitor Location Register): contains a database of the geographical locations that are close to the subscriber’s location

These SS7 network devices exchange data between Carrier A and Carrier B, and the call finally reaches the subscriber at the other end.

But this protocol (SS7), which is used by over 800 global telecoms, is insecure and can be easily compromised by hackers, who can:

  • listen to and record your phone calls
  • read SMS messages that are sent and received
  • track geographical locations

They can also easily bypass two-factor authentication, whose code is usually sent to the user via SMS. A hacker who listens on the particular network can intercept that SMS message and exploit the information shared.

How do they Attack?

In order to attack, you need to dig deeper to find a suitable provider for your network.

SigPloit is a signaling security testing framework used to exploit vulnerabilities in the signaling protocols.

1.1 Installing SigPloit

    cd SigPloit
    sudo pip2 install -r requirements.txt
    python sigploit.py

1.2 Selecting the Module as SS7

Screenshot from Terminal

1.3 Setting the options: client_pc, serve_pc, client and server IP, port, MSISDN (phone number)

1.4 Capturing packets from any packet analyzer

1.5 Gathering information using the “HackRF One” hardware tool.

Hacking WhatsApp:

Let’s consider the example of WhatsApp, which over 1 billion people in over 180 countries use daily. Although the application is end-to-end encrypted, account verification for WhatsApp is still done via SMS or a phone call. Hackers use this to their advantage and target the SS7 network.

In this case, if the hacker enters your phone number in the WhatsApp account on his phone and also intercepts your SMS verification messages through an SS7 attack, it would be easy for him to access your account.

Still, it is considered one of the “zero-day attacks”, and the vulnerability is at its peak.

How to Survive the SS7 Attack?

Experts suggest implementing a new methodology to replace SS7 networks. But it has been said that the SS7 vulnerability is not a flaw; it was designed that way.

Later, a German cybersecurity researcher came up with an Android application, SnoopSnitch, that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations, user tracking, and SS7 attacks.

Screenshot of SnoopSnitch Application

To install this application, the phone has to be rooted. Root privileges will be needed to collect mobile network data.

Currently, SnoopSnitch is compatible only with Android phones.

These web links describe incidents that exploited the loophole in SS7 networks:

  1. Bank theft in O2-Telefonica Company, UK
  2. Telecom confirms SS7 abuse in German

Although SS7 attacks cannot be prevented, they can be detected in Network Function Virtualisation using machine learning.

Detecting SS7 Attack using ML

This is a research paper contributed by Tooba Qasim & Team, Pakistan.

  • Their idea was to apply machine learning to SS7 network data obtained through a packet analyzer
  • The data is then exported as a CSV file and preprocessed to convert the nominal data to numeric
  • Suitable algorithms were chosen according to the type of data selected. They used WEKA (a collection of ML algorithms)
  • 4 classifiers are used to generate the model, and the results obtained by each classification algorithm are later analyzed and evaluated
  • The faster algorithm with good results is always chosen
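
The workflow in the list above, sketched as an added example (not code from the paper or from this post): constructed signaling records are parsed from CSV, nominal values are encoded as numbers, and two simple classifiers are trained and compared on held-out rows. The column names, values and labels are assumptions made for illustration, and OneR and 1-nearest-neighbour in plain Python stand in for the paper's four WEKA classifiers, which the post does not name.

```python
import csv, io, time
from collections import Counter

# Constructed sample, not real traffic; column names, values and labels are assumptions.
SAMPLE_CSV = """msg_type,origin,roaming,label
sms_routing_query,home,no,normal
sms_routing_query,foreign,yes,normal
sms_routing_query,foreign,no,suspicious
location_query,foreign,no,suspicious
location_query,foreign,yes,normal
location_update,foreign,no,normal
location_query,home,no,normal
sms_routing_query,foreign,no,suspicious
location_query,foreign,no,suspicious
location_update,foreign,no,normal
location_query,foreign,yes,normal
"""

def load_encoded(text):
    """Parse the CSV and replace each nominal value with an integer code per column."""
    rows = list(csv.DictReader(io.StringIO(text)))
    cols = [c for c in rows[0] if c != "label"]
    codes = {c: {v: i for i, v in enumerate(sorted({r[c] for r in rows}))} for c in cols}
    return [([codes[c][r[c]] for c in cols], r["label"]) for r in rows]

def train_one_r(train):
    """OneR: keep the one column whose value -> majority-label rule fits training best."""
    def rule_for(col):
        votes = {}
        for x, y in train:
            votes.setdefault(x[col], Counter())[y] += 1
        rule = {v: c.most_common(1)[0][0] for v, c in votes.items()}
        return sum(rule[x[col]] == y for x, y in train), col, rule
    _, col, rule = max((rule_for(c) for c in range(len(train[0][0]))), key=lambda r: r[:2])
    return lambda x: rule.get(x[col], "normal")

def train_1nn(train):
    """1-nearest neighbour with Hamming distance, which suits encoded nominal data."""
    return lambda x: min(train, key=lambda t: sum(a != b for a, b in zip(x, t[0])))[1]

def evaluate(text=SAMPLE_CSV, n_train=7):
    """Return ({name: (accuracy, seconds)}, chosen): best accuracy first, then speed."""
    data, results = load_encoded(text), {}
    train, test = data[:n_train], data[n_train:]  # first rows train, the rest are held out
    for name, trainer in (("OneR", train_one_r), ("1-NN", train_1nn)):
        start = time.perf_counter()
        model = trainer(train)
        acc = sum(model(x) == y for x, y in test) / len(test)
        results[name] = (acc, time.perf_counter() - start)
    return results, max(results, key=lambda n: (results[n][0], -results[n][1]))
```

On this sample the single-column rule misses both suspicious held-out rows, because the label depends on a combination of fields, while 1-NN classifies all four correctly.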

Conclusion

The research in the 2018 report has shown that the level of security of mobile communication networks is still low. Initially, many telecom companies considered SS7 attacks a low-level risk, but some unknown hackers have already proved them wrong by exploiting the flaws in the protocol. So it is always advisable to keep your digital data safe and secure.

There is a feature called “Google Activity” in everyone’s Google account which tracks and stores all your data history: things searched for, places visited, contacts, and a lot more…

If a hacker tries to recover your Google account by using “forgot password”, he/she would be prompted for 2FA verification, a 6-digit code sent as an SMS. The hacker would easily intercept your SMS by attacking the SS7 network.

What then?

BANG BANG BANG !!
