This is not the first time that SS7 has been used for nefarious purposes. Industry experts started to warn about the dangers of SS7 back in 2008. In more recent years there have been numerous reports that the SS7 network has been used by governments and others to keep tabs on the locations of some cellphones. But the use of the SS7 network to intercept text messages creates a big danger for anybody using online banking that requires text-massage authentication. Once a hacker intercepts a text verification code they can be inside your bank account.
Once a hacker is inside the SS7 network they can use the protocol to redirect traffic. This was recently demonstrated on 60 Minutes when German hackers intercepted phone calls made to congressman Ted Lieu, with his permission. SS7 can be used to direct, block or perform numerous functions on any telephone number, making it a great tool for spying.
Telephone techs are familiar with SS7 and it’s been with us since 1975. It was developed by Bell Labs and was the technology that allowed the creation of what we’ve come to call telephone features. SS7 technology allowed for the telephone system to snag pieces of called or calling numbers and other network information and led to the creation of such features as caller ID, call blocking, call forwarding and numerous other features.
In the telecom world SS7 is carried on a separate network from the paths used to route telephone calls. Every telephone carrier on the network has separate SS7 trunks that all connect regionally to SS7 hubs, known as STPs. It is the ubiquitous nature of SS7 that makes it vulnerable. There is an SS7 connection to every telephone switch, but also to private switches like PBXs. If the SS7 network was a private network that only connected telco central offices it would be relatively safe. But the proliferation of other SS7 nodes makes it relatively easy for a hacker to gain access to the SS7 network, or even to buy a connection into the SS7 network.
It has now become dangerous to use two-factor authentication for anything. While access to bank accounts is an obvious target, this kind of hacking could also gain access to social networks, entry into corporate WANs or any software platform using two-factor authentication. Some banks have already announced that they are going to abandon this kind of customer authentication, but many of the larger ones have yet to act. You have to think most of them are looking into alternatives, but it’s not particularly easy for a giant bank to change their customer interfaces.
There is a replacement for SS7 on the way. It’s an IP-based protocol called Diameter. This protocol can replace SS7 but also has a much wider goal of being the protocol to authenticate connections to the Internet of Things as well as VoIP communications from cell phones using WiFi.
Banks and others could change to the Diameter protocol and send encrypted authentication messages through email or a messaging system. But this would not be an easy change for the telephone industry to implement. The SS7 network is used today to support major switching functions like the routing of 800 calls and the many telephone features like caller ID. Changing the way those functions are done would be a major change for the industry. It’s one of the many items being looked at by the industry as part of the digital transition of the telephone network. But if it was decided tomorrow to start implementing this change it would require years to make sure that all existing switches keep working and that all of the SS7-enabled functions keep working as they should.
SS7 was implemented long before there was anything resembling a hacker. For the most part the SS7 network has been working quietly behind the scenes to do routing and other functions that have increased the efficiency of the telephone network. But like with most older electronic technologies the SS7 network has numerous flaws that can be exploited by malicious hacking. So it probably won’t be too many years until the SS7 networks are turned off.