backgroundstore - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Can eavesdropping over the SS7 protocol be prevented?

Recently revealed insecurities in SS7 have left many unsure about the well-used protocol needed for phone connections. However, the answer to achieving security is not easily obtained.

Researchers recently showed that the SS7 protocol, which routes calls between switching centers, is insecure. Is...

that the case? If so, what security measures could be put in place to mitigate the threat?

Yes, this is a deeply researched issue and a pretty well-documented attack against the SS7 protocol.

Developed in 1975, SS7 (which stands for Signaling System No. 7) is a signaling protocol that allows carriers to set up and tear down phone line connections, translate phone numbers, and yes, SMS -- the ubiquitous texting protocol we all use every day.

The attack in question is essentially a man-in-the-middle attack on cell phone communications that, among other things, exploits the lack of authentication in the communication protocols that run on top of SS7. Given the proper access, criminal hackers or government spies could track cell phone users' movements and communications.

But here's the catch: you need SS7 access from a network operator or telecommunications provider -- not something your everyday criminal hacker has easy access to. But, certainly, every government that desires to spy on its citizens can access these networks and do as they wish.

So what can you do to prevent issues involving the SS7 protocol?

If you're afraid of an attacker with ill intent targeting your employees (especially executives) or you don't want your users to be spied on, you can have them stop talking and texting on their cell phones. I know this sounds tongue-in-cheek, but what's the alternative? Super-secretive messaging over proprietary protocols and systems? The Blackphone? Skype? Outside of the carriers and telecom vendors changing the way things work, I don't know that there's a reasonable way to prevent such eavesdropping. That's like expecting Microsoft to drop the Windows NT-based registry or the decades-old SMB protocol in future versions of Windows to help prevent attacks. I don't think it's going to happen.

Ask the Expert:
Have a question about network security? Send it via email today. (All questions are anonymous.)

Next Steps

Learn more about telecommunications and network security in this CISSP training guide

This was last published in June 2015

Dig Deeper on IPv6 security and network protocols security