What is SS7?
Signaling System #7 (SS7) is a set of telephony signaling protocols which are used to set up most of the world’s public switched telephone calls.
First adopted in the 1970’s its many global variants are used in mobile messaging, prepaid billing and other applications and is a key tool to ensure that customer bills align with their plan tariff. It also facilitates international roaming and the associated charges.
The international version of SS7 is standardized by the ITU, with each country maintaining their own version. For example, ANSI looks after the U.S. standard for SS7.
Why has SS7 got a bad reputation?
SS7 can be exploited by fraudsters who by downloading a copy of the SS7 SDK are able to quite easily access a subscribers message inbox and listen to voice calls. Although this is extremely rare it can be costly if hackers are able to obtain confidential information like passwords and OTPs.
As SS7 is such an intrinsic part of global telephonic communication it is not being replaced or overhauled to patch the vulnerability, but instead regulatory and industry bodies are closely monitoring the system looking for attacks and intrusions.