Editing Signalling System No. 7 (section)

==Protocol security vulnerabilities==
In 2008, several SS7 vulnerabilities were published that permitted the tracking of mobile phone users.<ref>Archived at [https://ghostarchive.org/varchive/youtube/20211211/OEcW4HlrpYE Ghostarchive]{{cbignore}} and the [https://web.archive.org/web/20120113174147/http://www.youtube.com/watch?v=OEcW4HlrpYE&gl=US&hl=en Wayback Machine]{{cbignore}}: {{cite web|last1=Engel|first1=Tobias|title=Locating Mobile Phones using SS7|url=https://www.youtube.com/watch?v=OEcW4HlrpYE|website=Youtube|publisher=25th Chaos Communication Congress (25C3)|access-date=2016-04-19|format=Video|date=2008-12-27}}{{cbignore}}</ref>

In 2014, the media reported a protocol vulnerability of SS7 by which anyone can [[cell phone tracking|track the movements of mobile phone users]] from virtually anywhere in the world with a success rate of approximately 70%.<ref>{{cite news|url=https://www.washingtonpost.com/business/technology/for-sale-systems-that-can-secretly-track-where-cellphone-users-go-around-the-globe/2014/08/24/f0700e8a-f003-11e3-bf76-447a5df6411f_story.html |title=For sale: Systems that can secretly track where cellphone users go around the globe|last1=Timburg|first1=Craig|newspaper=[[The Washington Post]]|date=24 August 2014|access-date=27 December 2014}}</ref> In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller's carrier release a temporary encryption key to unlock the communication after it has been recorded.<ref>{{cite news|last1=Timburg|first1=Craig|title=German researchers discover a flaw that could let anyone listen to your cell calls.|url=https://www.washingtonpost.com/news/the-switch/wp/2014/12/18/german-researchers-discover-a-flaw-that-could-let-anyone-listen-to-your-cell-calls-and-read-your-texts/ |newspaper=[[The Washington Post]]|date=18 December 2014|access-date=19 December 2014}}</ref> The software tool ''SnoopSnitch'' can warn when certain SS7 attacks occur against a phone,<ref>SnoopSnitch is for [[Rooting (Android)|rooted]] Android mobile phones with [[List of Qualcomm Snapdragon systems-on-chip|Qualcomm chip]]</ref> and detect [[IMSI-catcher]]s that allow call interception and other activities.<ref>{{cite web|url=https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2493/original/Mobile_Self_Defense-Karsten_Nohl-31C3-v1.pdf |archive-url=https://web.archive.org/web/20141231144037/https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2493/original/Mobile_Self_Defense-Karsten_Nohl-31C3-v1.pdf |archive-date=2014-12-31 |url-status=live |title=Mobile self-defence|author=Karsten Nohl|publisher=Chaos Communication Congress|date=2014-12-27}}</ref><ref>{{cite web |title=SnoopSnitch |work=[[Google Play]] |date=August 15, 2016 |url=https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch }}</ref>

In February 2016, 30% of the network of the largest mobile operator in Norway, [[Telenor]], became unstable due to "unusual SS7 signaling from another European operator".<ref>{{cite web|url=https://www.mynewsdesk.com/no/telenor/pressreleases/feilen-i-mobilnettet-er-funnet-og-rettet-1322239|title=Feilen i mobilnettet er funnet og rettet|date=21 February 2016 |language=no|publisher=Telenor ASA}}</ref><ref>{{cite web|url=https://www.digi.no/artikler/et-ondsinnet-angrep-mot-telenor-ville-hatt-samme-konsekvens/320604|title=SS7 signalering – Et ondsinnet angrep mot Telenor ville hatt samme konsekvens|date=22 February 2016 |language=no|publisher=digi.no / Teknisk Ukeblad Media AS|access-date=2024-09-23|archive-date=2022-09-26|archive-url=https://web.archive.org/web/20220926062502/https://www.digi.no/artikler/et-ondsinnet-angrep-mot-telenor-ville-hatt-samme-konsekvens/320604|url-status=live}}</ref>

The security vulnerabilities of SS7 have been highlighted in U.S. governmental bodies, for example when in April 2016 Congressman [[Ted Lieu]] called for an oversight committee investigation.<ref>{{cite news |title=US congressman calls for investigation into vulnerability that lets hackers spy on every phone |work=[[The Guardian]] |date=April 19, 2016 |url=https://www.theguardian.com/technology/2016/apr/19/ss7-hack-us-congressman-calls-texts-location-snooping }}</ref>

In May 2017, [[Telefónica Germany|O2 Telefónica]], a German mobile service provider, confirmed that the SS7 vulnerabilities had been exploited to bypass [[two-factor authentication]] to achieve unauthorized withdrawals from bank accounts. The perpetrators installed [[Trojan horse (computing)|malware]] on compromised computers, allowing them to collect online banking account credentials and telephone numbers. They set up redirects for the victims' telephone numbers to telephone lines controlled by them. Confirmation calls and SMS text messages of two-factor authentication procedures were routed to telephone numbers controlled by the attackers. This enabled them to log into victims' online bank accounts and effect money transfers.<ref>{{Cite news|url=http://thehackernews.com/2017/05/ss7-vulnerability-bank-hacking.html|title=Real-World SS7 Attack — Hackers Are Stealing Money From Bank Accounts|last=Khandelwal|first=Swati|work=The Hacker News|access-date=2017-05-05|language=en-US}}</ref>

In March 2018, a method was published for the detection of the vulnerabilities, through the use of [[Open-source software|open-source]] monitoring software such as [[Wireshark]] and [[Snort (software)|Snort]].<ref>{{Cite news|url=http://darfe.es/joomla/index.php/descargas/viewdownload/5-seguridad/1353-analisis-de-ataques-vulnerabilidades-ss7-sigtran-empleando-wireshark-y-o-tshark-y-snort-es|title=Análisis de ataques/vulnerabilidades SS7/Sigtran empleando Wireshark (y/o tshark) y Snort|last=Corletti Estrada|first=Alejandro|work=Metodología de detección de vulnerabilidades SS7/Sigtran|access-date=2018-03-31|language=es-ES|archive-date=2018-04-03|archive-url=https://web.archive.org/web/20180403173537/http://darfe.es/joomla/index.php/descargas/viewdownload/5-seguridad/1353-analisis-de-ataques-vulnerabilidades-ss7-sigtran-empleando-wireshark-y-o-tshark-y-snort-es|url-status=dead}}</ref><ref>{{Cite news|url=http://darfe.es/joomla/index.php/descargas/viewdownload/5-seguridad/1354-analysis-of-attacks-vulnerabilities-ss7-sigtran-using-wireshark-and-or-tshark-and-snort-en|title=Analysis of attacks/vulnerabilities SS7/Sigtran using Wireshark (and/or tshark) and Snort|last=Corletti Estrada|first=Alejandro|work=Vulnerability detection methodology SS7/Sigtran|access-date=2018-03-31|language=en-US|archive-date=2018-04-03|archive-url=https://web.archive.org/web/20180403173728/http://darfe.es/joomla/index.php/descargas/viewdownload/5-seguridad/1354-analysis-of-attacks-vulnerabilities-ss7-sigtran-using-wireshark-and-or-tshark-and-snort-en|url-status=dead}}</ref><ref>{{Cite web|url=https://www.smtechub.com/ss7-attack/|title=Definitive guide to SS7/Sigtran Attack and Preventive Measures|work=Full Research on SS7/Sigtran Attack Vector, Exploits and Preventive Measures|date=2019-01-28|access-date=2020-07-03|language=en-US}}</ref> The nature of SS7 normally being used between consenting network operators on dedicated links means that any bad actor's traffic can be traced to its source.

An investigation by ''[[The Guardian]]'' and the [[Bureau of Investigative Journalism]] revealed that the SS7 protocol was exploited in an attempt to locate Sheikha [[Latifa bint Mohammed Al Maktoum (II)]] on 3 March 2018, a day before her abduction.<ref name="TBIJ_20201216">{{Cite web|date=16 December 2020|title=Spy companies using Channel Islands to track phones around the world|url=https://www.thebureauinvestigates.com/stories/2020-12-16/spy-companies-using-channel-islands-to-track-phones-around-the-world|url-status=live|archive-url=https://web.archive.org/web/20201219144441/https://www.thebureauinvestigates.com/stories/2020-12-16/spy-companies-using-channel-islands-to-track-phones-around-the-world|archive-date=19 December 2020|access-date=19 December 2020|quote=Data reviewed by the Bureau shows that a series of signals designed to reveal phone location were sent to a US-registered mobile belonging to the yacht's skipper, Hervé Jaubert, the day before commandos stormed the yacht and seized the princess. The effort appears to have been part of a huge bid by the Emiratis – mobilising boats, a surveillance plane and electronic means – to track down the fleeing princess. Signals were sent via mobile networks in Jersey, Guernsey, Cameroon, Israel, Laos and the USA.}}</ref>

In 2024, Kevin Briggs, an official at the [[Cybersecurity and Infrastructure Security Agency]], reported to the [[Federal Communications Commission|FCC]] that hacks related to SS7 and [[Diameter (protocol)|Diameter]] had been used in "numerous attempts" to acquire location data, voice and text messages; to deliver spyware; and to influence voters in the US.<ref>{{Cite news |title=It is dangerously easy to hack the world's phones |url=https://www.economist.com/science-and-technology/2024/05/17/it-is-dangerously-easy-to-hack-the-worlds-phones |access-date=2024-05-28 |newspaper=The Economist |issn=0013-0613}}</ref> In December 2024, U.S. senator [[Ron Wyden]] released information showing that the [[United States Department of Homeland Security]] believes China, Russia, Iran, and Israel are the primary countries exploiting SS7 for espionage.<ref>{{Cite web |last=Cox |first=Joseph |date=2024-12-17 |title=DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7 |url=https://www.404media.co/dhs-says-china-russia-iran-and-israel-are-spying-on-people-in-us-with-ss7/ |access-date=2024-12-19 |website=[[404 Media]] |language=en}}</ref>