Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • Positive Technologies' report highlights SS7 cellular networks' vulnerability

Security

Positive Technologies' report highlights SS7 cellular networks' vulnerability

Research published today by Positive Technologies reveals that all the Signalling System No.7 (SS7) cellular networks it tested could be exploited, turning a mobile phone into an open book.


Click on above to access report

With access to SS7 and a victim’s phone number, an attacker can listen to a conversation, pinpoint a person’s location, intercept short message service (SMS) messages (allowing access to third party services – such as bank and social media accounts), impersonate a user to send texts and make phone calls from the user’s mobile number, plus a number of other attacks.

Advertisement
Teledyne

This problem is not just a consumer one as the mobile operators are also in a position of losing multi millions of dollars through fraud and operational issues as well as the risk of the impact on their brand and reputation. The techniques can be used by intelligence services and also hackers.

Alex Mathews, Technical Manager EMEA, of Positive Technologies explains, “As our research shows the SS7 system is riddled with security vulnerabilities. While many will argue that this does not pose a risk to subscribers or operators, as it is a closed system with access restricted, that simply is no longer true.

"Originally created in the 1970s, the network was designed to interconnect fixed telephony. Over the years it has evolved in both size and supported protocols encompassing not only fixed telephony, but also facilitate GSM/3G/LTE communications offered by Mobile Network Operators (MNOs), and extended to value added service providers (MVNOs) plus IPBX services.

"Today it allows the use of IP networks to transfer signalling messages and, with this innovation, the network stopped being isolated. We all need to wake up to the realisation that SS7 exploits can turn a cell phone into an open book, allowing an attacker to read SMS messages, locate where a handset is, eavesdrop and even record conversations.

"Our research has also identified that hackers could compromise an operator’s network to perform a massive denial of service attack, affecting its entire network and preventing it from providing any and all of its services to users. Perhaps of greater concern is that our research indicates the problems aren’t limited to SS7, with these legacy flaws also present in newer 4G networks, plus new vulnerabilities may have been introduced. Mobile communications cannot be allowed to remain vulnerable. People and industries will continue to use and depend on these communication networks and we all need to work together to find a way to make these networks robust and secure, to stop exacerbating the problem in the future.”

Recognising the risks of SS7 manipulation, the National Institute of Standards and Technology (NIST- the US federal technology agency that works with industry to develop and apply technology, measurements, and standards) is no longer recommending two-factor authentication systems that use SMS. In the latest draft of its Digital Authentication Guideline it advised that:
'Out of band authentication using SMS is deprecated, and will no longer be allowed in future releases of this guidance'.

Positive Technologies’ security analysis examined the SS7 networks of various operators ranging in subscriber base from sub 10 million and in to the 10s of millions of subscribers and found all were exploitable. With multiple SS7 vulnerabilities and equipment configuration errors, these flaws offer a wide surface for a potential attack.

Advertisement
DSEI 2025

Its analysis showed that each and every SS7 network tested was susceptible to multiple attacks (nine on average). Many had more than three vulnerabilities that could be exploited due to an inability to check whether a subscriber belonged to a particular network. In most cases these flaws are actually critical to the systems functionality.

As expected, small mobile operators were less protected against outsider threats. However, even the leading cellular carriers were unable to provide a sufficient level of security, and the percentage of successful attacks was significant in all cases. The study found that 80% of DoS attacks, 77% of leakage attacks, and 67% of fraudulent actions were successful.

Mr Mathews concluded: “Obtaining access to the SS7 network is relatively easy. For example, an attacker can purchase access through the black market for several thousand dollars or even obtain an operator’s license in countries with lax laws. A rogue engineer, that works within an operator, may abuse their access to SS7 connections - typically via a laptop with specialist software installed or perhaps a raspberry PI device.

"In order to reduce risk, operators must employ a global approach to SS7 protection. At a minimum this means conducting regular security audits of the signalling network and developing appropriate measures to mitigate risk based on vulnerabilities as they evolve. Just as users expect their voice calls to be clear and their internet connection reliable, their communications should also be secure as standard.”

 

Advertisement
PTC PTC
QinetiQ US achieves DoD

Security

QinetiQ US achieves DoD's CMMC Level 2 Cybersecurity Certification

16 July 2025

Advanced certification has positioned QinetiQ US among early achievers in a select group of companies meeting the US Department of Defense's enhanced cybersecurity standards, having earned Level 2 certification under the DoD Cybersecurity Maturity Model Certification (CMMC) programme with zero findings.

SkyShark takes flight

Defence Security

SkyShark takes flight

16 July 2025

MGI Engineering, a company forged in the fast-paced world of Formula 1, has officially unveiled SkyShark, a next-generation military drone platform designed to transform battlefield operations with speed, precision and UK-built sovereignty.

Chief Superintendent Fiona Gaffney joins NPAS as COO

Security

Chief Superintendent Fiona Gaffney joins NPAS as COO

15 July 2025

The National Police Air Service (NPAS) has welcomed Chief Superintendent Fiona Gaffney as its new Chief Operating Officer (COO), following the retirement of Chief Superintendent Vicki White after 30 years of service to policing.

Lane Electronics to showcase connectivity solutions at DSEI 2025

Defence Security Events

Lane Electronics to showcase connectivity solutions at DSEI 2025

15 July 2025

Franchised distributor of electrical, electronic and optical connectors, Lane Electronics, will be exhibiting at DSEI 2025 (9th–12th September 2025, Excel London) will have the opportunity to explore the company’s latest connector technologies and its UK-based assembly and services.

Advertisement
Teledyne
UK and France agree scheme to address illegal Channel crossings

Security

UK and France agree scheme to address illegal Channel crossings

11 July 2025

The Prime Minister Keir Starmer and French President Emmanuel Macron, have agreed a scheme to address illegal Channel crossings and dismantle the people smuggling networks.

IFS appoints Kriti Sharma as CEO of Nexus Black

Aerospace Security

IFS appoints Kriti Sharma as CEO of Nexus Black

11 July 2025

IFS has appointed Kriti Sharma as CEO of IFS Nexus Black. This strategic move reinforces IFS’s commitment to industrial AI and fast-tracks the development of agentic AI systems designed for the asset- and service-intensive industries it serves.

Advertisement
Gulfstream RT