Fraud & Identity Fraud & Identity

Fraud & Identity Featured Article

April 12, 2017

Fraudsters Increasingly Turning to SS7 Hijacking

There is no shortage of cyber-threats today. All Internet-connected devices are at risk, and as users become more savvy, fraudsters are having to get more sophisticated, and the usual safeguards (who is the call/message from? Where is it originating?) are less reliable, since hackers are now exploiting vulnerabilities in the SS7 mobile signaling protocol so that they can spoof user locations and even hijack calls and messages.

Last year, security researchers at Positive Technologies found they were intercepting messages and responding as if they were the intended recipient in services such as WhatsApp or Telegram, according to John Leyden writing for the UK newspaper The Register. Fraudsters could use these interceptions to receive reset codes sent by text, for example, and complete takeovers of accounts for the purpose of identity fraud.

“This is not a man in the middle attack: instead, the attacker is actually impersonating the victim's identity,” he wrote. “The mechanism of the attack renders encryption offered by the apps irrelevant.”

Companies and individuals are gaining access to SS7 networks for supposedly legitimate purposes and then reselling access to fraudsters or hackers – sometimes even on a subscription basis, according to Keith Dyer writing for The Mobile Network. Steve Buck of Evolved Intelligence told Dyer that operators and security companies have seen fraudulent exploits of SS7 signaling networks increase in the past 12-18 months, prompting groups like the GSMA to get involved in writing specifications to guard against attack. Up until now, major operators have been aware of the potential for brand damage caused by SS7 vulnerabilities, but there has been less focus on fraud, Buck told TMN.

“This is not just a security problem, it is a fraud problem,” he said.

Last year, researcher Karsten Nohl of the Communications Security Risk & Interoperability Council (CSRIC) demonstrated the vulnerabilities in SS7 by staging a fake “attack” on the cellphone of Congress member David Lieu as an exercise during a working group of the CSRIC, which then prepared a report of its findings to the Federal Communications Commission (FCC). The working group recently submitted its recommendations, noting that operators should continue to implement firewall methods to protect from attacks, but also that there should be more information sharing within the industry on attacks.

As high profile organizations such as banks have tightened their own security procedures to protect against attacks by internal fraud and social engineering, fraudsters have switched their attention to dedicated communications networks such as SS7, which is making it necessary for companies to turn to SS7 firewall products.

“Another reason for the shift is that operators were previously able to ring-fence access to SS7 hubs to a small range of trusted partners,” wrote Dyer. “But with a larger number of companies benefiting from a direct connection to the signaling layer, it has become harder to police access.”

Article comments powered by Disqus

Industry Insights

(MobileID) Proactive Fraud Prevention

Interconnect-related fraud such as International Revenue Share Fraud (IRSF) and PBX hacking fraud continue to be a billion dollar problem to the telecom industry.

(Defender Shield) Defense solutions for the modern SMS ecosystem

SMS is a ubiquitous communication method for person-to-person (P2P) text messaging, which has been in use globally for nearly 20 years.

(Defender Shield) Preventing Grey Routes and the Multi-billion dollar Threat

The convenience of mobile messaging has brought communication efficiency to billions of consumers worldwide. As is often the case with widely accepted technologies; however, convenience can provide a vulnerable gateway to fraudulent activity.

Product Documents

Asset Protect

While unlimited or high-volume voice and SMS plans offer great value to subscribers, sometimes fraudsters exploit these plans to avoid paying termination and interconnect fees.

Defender Shield

In a world with ever-increasing Application-to-Person (A2P) messaging needs and competition, improving customer satisfaction and eliminating revenue leakage is key for protecting SMS profits.


Accurate and cost-efficient routing of voice calls and SMS is critical. Unfortunately, gathering reliable routing data on ported numbers and keeping up with constant changes in number plans is expensive and time-consuming.

Fraud Solutions

Communications fraud is a $20B annual global problem and growing. Companies are looking for peace of mind so that their business and their customers are protected from the onslaught of technology crime that is damaging their reputations and their balance sheets.