September 21, 2023

Signalling System 7 is a telecommunications protocol adopted worldwide to allow phone networks to exchange information, calls, and text messages with each other. In 2016, the security researchers had warned about possible cyberattacks leveraging the SS7 protocol vulnerabilities and it only took a year before the first attacks were observed. SS7 security gaps were exploited in multiple campaigns to intercept calls, 2FA codes, locate devices, spoof SMS, and hijack Telegram and email accounts.


Scammers target SS7 exploits

  • Analysts found several underground forums offering fake exploits for SS7 vulnerabilities. During the investigation, the researchers uncovered 84 unique onion domains claiming to offer the fake exploit tool. 
  • These sites appear to look like a scam where scammers dupe the buyers to steal their funds.  
  • Some of the fake domains that are still available on underground forums are SS7 Exploiter, SS7 ONLINE Exploiter, SS7 Hack, and Dark Fox Market.
  • All four claim to offer SMS interception and spoofing, location tracking, call interception, and redirection. 

Besides the scammed sites, there are multiple membership-only hacking forums and marketplaces such as World Market offering the real SS7 exploitation services.

  • Those working with government organizations could be at high risk as the exploitation of SS7 protocol can lead to the loss of sensitive and confidential data. 
  • One of the biggest dangers, beyond launching the MiTM attacks, is the interception of two-step verification codes that are often used as a security measure for logins. 
  • Banks and other similar institutions also use phone calls or text messages to verify a user’s identity, which could be intercepted and later be used to conduct fraud attacks. 

Fixing the flaws and vulnerabilities in the SS7 protocol is just the tip of the iceberg when it comes to mitigation measures. Therefore, GSMA recommends that users must pay more attention to the security of their smartphones and IoT devices, especially those that are used for critical services and applications.  

Leave a Reply

%d bloggers like this: