SS7 and Telco backbone infrastructure

(Occupi) #1

Okay folks, I read this Motherboard article recently and now I’m quite interested in SS7, the backend Telco network that essentially routes all mobile calls and texts.

The fact that this network is both vast and vastly insecure at many entry points leads me to believe they must be exposed on the web somewhere.
Now, obviously I will not condone any sort of malicious abuse of these potentially exposed SS7 network points-of-entry, but discovering them could be a huge find and pushing telcos to secure big infrastructure is a win for everyone.

This is just a call for more information on the subject as I’m keenly interested in what kind of network protocols they use, etc. Thanks for reading!


SS7 is the networking protocol. But also it factors into PSTN,SMS -

So the best way I can explain this attack is they listen to the traffic by filtering through the packets (Since they have authroization) The problem with the SS7 vulnerability is the phone network doesn’t have a filter that authroizes the traffic through them. I don’t know if the reason for this is something doesn’t exist or they don’t have anyone capable of fixing this issue because of how old an industry it is.

(Guess, there's a solution I'm not seeing.) #3

those are two talks about the topic. I have only watched the first one some time ago. But have some good memories of it.
SS7: Locate. Track. Manipulate.
SS7map : mapping vulnerability of the international mobile roaming infrastructure

On you will find a ton more of talks about mobile security. Hope this helps.

Edit: This one was pretty good as well:
Mobile self-defense

(system) #4

This topic was automatically closed after 30 days. New replies are no longer allowed.