What is SS7?
SS7 is a set of telephony signaling protocols that are used to set up most of the world’s public switched telephone network (PSTN) telephone calls. SS7 primarily sets up and tears down telephone calls, but other uses include number translation, prepaid billing mechanisms, local number portability, short message service (SMS), and a variety of mass-market services.
With access to SS7 and a victim’s phone number, an attacker can listen to a conversation, pinpoint a person’s location, intercept messages to gain access to mobile banking services, send a USSD (Unstructured Supplementary Service Data) command to a billable number, and conduct other attacks.
SS7 hacks are mobile cyber attacks that exploit security vulnerabilities in the SS7 protocol to compromise and intercept voice and SMS communications on a cellular network.
Similar to a Man In the Middle attack, SS7 attacks target mobile phone communications rather than wifi transmissions.
Two-factor authentication (also known as 2FA/OTP) via SMS using SS7 is inherently flawed as these SMS messages are unencrypted and can be intercepted.
With the code from the SMS in their hand, a cyber-criminal can potentially reset your password to Google, Facebook, WhatsApp account, or even your bank account.
CALL INTERCEPT AND REDIRECT
Call Interception refers to actually intercepting live phone calls taking place on the Target phone, in real time as they happen.
Call Redirect refers to intercepting the phone call and forwarding it to your number in real time.
Being able to track the location of your target is a valuable goal for espionage operations.
The location tracking happens in real time even if the phone GPS is turned on or off.