SS7 Vulnerability Still Remains as a Threat to Customers
By Enterprise Security Magazine | Friday, March 29, 2019
A set of protocols, Signaling System 7 (SS7), orients the security system. Reports from Motherboard stated that in recent times, cybercriminals and hackers are exploiting the vulnerability in SS7 to snoop calls and SMS. Attacks are carried out by exploiting the vulnerability in SS7 and subsequently the attacker gains access to the victim’s SMS, calls, and even the location of the device.
For a brief period, intelligence agencies have been making use of the “Open Door” to carry out eavesdropping operations. The vulnerability in SS7 is widely known, and its exploitation was done by the governments that are non-threatening surveillance parties. Many of the banks and online service providers are dependent on SMS for authentication; the attacker with access to victim’s login credential can receive all the authentication codes without the knowledge of the target. The attack has occurred multiple times in previous years, withdrawing money from bank accounts in the U.S., the UK, Germany and other parts from around the world.
To evade the attack, banks have introduced authentication apps to verify payments instead of SMS messages. Many telecommunication providers like Vodafone have claimed that security measures have been implemented to protect the customers from the vulnerability in their network. People who seek SS7-based services in the black market are affirmative that there is no known service provider striving to stop exploiters. Networks are protected using firewalls and attack detection systems, but there is still scope to exploit the vulnerability due to the basic attribute of the SS7 that allows users to connect without any interruptions easily. With the growing number of malicious actors, SS7 is expected to be leveraged for a lower price to carry out attacks on anyone.
Check out: Top Vulnerability Management companies