In the world of technology, the infrastructure we rely on often moves slower than the devices and apps we use. One example of this lag is SS7, a telecommunications protocol that dates back to the 1980s. Despite being outdated, SS7 is still in widespread use today, even though it has some pretty serious security vulnerabilities. Linus Tech Tips and Veritasium recently demonstrated just how easy it is to exploit these flaws, showing how phone calls, messages, and two-factor authentication (2FA) can be intercepted using SS7.
SS7, or Signaling System No. 7, was designed in an era when the telecommunications landscape was dominated by a few large operators, all of whom trusted each other. It was meant to be a secure, closed system. But the world has changed since then. Today, thousands of entities, many of which are far less trustworthy, have access to SS7. The result is a protocol that exposes millions of people to location tracking, call interception, and text message hijacking.
The vulnerabilities in SS7 aren’t new. Security researchers have been trying to expose them for years. And while some telecom providers have tried to patch things up by adding firewalls or encryption, the core problem remains: SS7 was never designed for the modern world. It’s like trying to secure a house with a flimsy lock when the door itself is made of cardboard.
The Real-World Impact
Linus’ recent experience with SS7 shows how even those who are tech-savvy can fall victim to its weaknesses. Hackers were able to intercept his phone calls and redirect them without his knowledge. They could even steal his 2FA codes. This is a big deal because SMS-based 2FA is still widely used by banks and other services to secure accounts. But as Linus’ case demonstrates, SMS 2FA is far from secure when SS7 is involved.
The fact that hackers only need a phone number to compromise calls and messages reveals just how vulnerable people are. Worse still, SS7 doesn’t even rely on GPS to track someone’s location. It uses older methods like triangulation between cell towers, which can pinpoint your location to within 100 meters. This makes it a powerful tool for governments and criminals alike, who use it to track individuals without their knowledge.
One particularly chilling example is the case of Princess Latifa, who tried to escape her father, the ruler of Dubai. During her escape attempt, her communications were intercepted using SS7, allowing authorities to track her down. It’s a stark reminder of how this vulnerability can have real-world consequences.
A Legacy of Exploits
The vulnerabilities in SS7 are reminiscent of the early days of phone hacking, known as “blue boxing.” Back in the 1970s, Steve Jobs and Steve Wozniak, the founders of Apple, built a device called a blue box that allowed them to hack into phone networks and make free long-distance calls. They exploited a 2600Hz tone that tricked the phone system into thinking they were authorized operators. It’s fascinating that the same kind of vulnerabilities exploited by Jobs and Wozniak still exist today, albeit in a more sophisticated form.
SS7 was designed for a world where only a handful of operators needed access to the network. But today, there are over 1,200 operators and 4,500 networks that need SS7 access, many of which are less trustworthy. This has made the network far more vulnerable to attacks. Hackers can gain access to SS7 for as little as a few thousand dollars per month, leasing access from legitimate companies that have been bribed or hacked.
The Slow Transition to 5G
So why hasn’t SS7 been replaced yet? The answer is complicated. While 5G offers more secure signaling protocols, SS7 is still integral to 2G and 3G networks, which are widely used around the world. Phasing out SS7 would require a massive overhaul of global telecommunications infrastructure, and that’s not something that can happen overnight. In fact, it could take another 10 to 20 years to fully transition away from SS7.
The slow transition from SS7 to 5G illustrates the challenge of overhauling legacy systems. It’s not just about introducing new technology; it’s about ensuring that the entire ecosystem can support it. And as long as SS7 remains a critical part of our telecommunications infrastructure, its vulnerabilities will continue to be a problem.
Protecting Yourself
So, what can you do to protect yourself from SS7-based attacks? Unfortunately, there’s not much you can do at the individual level to prevent your phone from being tracked or your calls intercepted. The vulnerability is baked into the infrastructure. However, there are steps you can take to mitigate the risks.
First, avoid using SMS-based 2FA for critical accounts like banking or email. Instead, use an authenticator app or hardware tokens, which are far more secure. You should also rely on encrypted internet-based calling services like Signal or WhatsApp for sensitive conversations. These apps use end-to-end encryption, which means that even if someone intercepts your communication, they won’t be able to read it.
Ultimately, the responsibility for fixing SS7 lies with the telecommunications industry. Companies and governments need to push for a global transition to more secure protocols, like those used in 5G. Until then, billions of people will remain vulnerable to simple yet devastating attacks on their privacy.
The Bigger Picture
SS7’s vulnerabilities highlight a larger issue: the fragility of our global communications infrastructure. As the technological world moves faster than the infrastructure it’s built on, we’re left with legacy systems that are increasingly insecure. The same vulnerabilities exploited decades ago with blue boxing persist in modern telecommunications systems, revealing just how slow we’ve been to address these issues.
In the meantime, the best thing you can do is stay informed. Understand the risks and take steps to protect yourself where you can. It may not be a perfect solution, but until the industry catches up, it’s the best we’ve got.
