• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT

 | 

SonicWall warns customers to reset credentials after MySonicWall backups were exposed

 | 

CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025

 | 

Jaguar Land Rover will extend its production halt into a third week following a cyberattack

 | 

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

 | 

Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service

 | 

DoJ resentenced former BreachForums admin to three years in prison

 | 

Apple backports fix for actively exploited CVE-2025-43300

 | 

New supply chain attack hits npm registry, compromising 40+ packages

 | 

Cybercrime group accessed Google Law Enforcement Request System (LERS)

 | 

China-linked Mustang Panda deploys advanced SnakeDisk USB worm

 | 

Insider breach at FinWise Bank exposes data of 689,000 AFF customers

 | 

Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records

 | 

Fairmont Federal Credit Union 2023 data breach impacted 187K people

 | 

UK ICO finds students behind majority of school data breaches

 | 

INC ransom group claimed the breach of Panama’s Ministry of Economy and Finance

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 62

 | 

Security Affairs newsletter Round 541 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ShinyHunters Attack National Credit Information Center of Vietnam

 | 

FBI warns of Salesforce attacks by UNC6040 and UNC6395 groups

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Security
  • New security flaws in the SS7 protocol allow hackers to spy on phone users

New security flaws in the SS7 protocol allow hackers to spy on phone users

Pierluigi Paganini December 19, 2014

German researchers have announced the discovery of news security flaws in SS7 protocol that could be exploited by an attacker to spy on private phone calls.

A team of German researchers has discovered security flaws that be exploited by a threat actor to spy on private phone calls and intercept text messages on a large scale, even when the mobile cellphone are using the most advanced encryption now available.

The flaws will be reported at the next hacker conference in Hamburg, and once again the attackers will exploit insecurity in the SS7 protocol, also known as Signaling System Number 7, that is the protocol suite used by several telecommunications operators to communicate with one another with directing calls, texts and Internet data.

The researchers also explained that the flaws in the SS7 protocol could be also exploited by criminal crews to defraud users and cellular carriers.

“The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.” reports The Washington Post.

The SS7 protocol allows cell phone carriers to collect location data related to the user’s device from cell phone towers and share it with other carriers, this means that exploiting the SS7 a carrier is able to discover the position of its customer everywhere he is.

In a previous post, I explained that surveillance vendors using the SS7 protocol are able to geo-localize users with great precision.

“The tracking technology takes advantage of the lax security of SS7, a global network that cellular carriers use to communicate with one another when directing calls, texts and Internet data.” reports the Washington Post. 

As explained by the researchers, the problem resides in the intrinsic security of the Protocol that is considered outdated due to the presence of several serious security vulnerabilities which can lead to the violation of the privacy for billions of mobile users worldwide.

In time I’m writing, the researchers haven’t provided other information on the security vulnerabilities discovered in the SS7 protocol, but the experts believe that hackers can exploit them to track an individual or redirect user calls to the attackers.
SS7 protocol
The attack scenario is worrying and open the door to massive surveillance activities, The American Civil Liberties Union (ACLU) has also warned people against possible abuse of such vulnerabilities by Intelligence agencies and Law enforcement.

“Don’t use the telephone service provided by the phone company for voice. The voice channel they offer is not secure,” principle technologist Christopher Soghoian told Gizmodo. “If you want to make phone calls to loved ones or colleagues and you want them to be secure, use third-party tools. You can use FaceTime, which is built into any iPhone, or Signal, which you can download from the app store. These allow you to have secure communication on an insecure channel.”

Unfortunately, the vulnerabilities into SS7 protocol will continue to be present, even as cellular carriers upgrade to advanced 3G technology to avoid eavesdropping.

“But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.” states the Washington Post

“It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers.

The team of researchers did not find evidence that the flaws discovered have been “marketed” to governments on a widespread basis, anyway it is impossible to understand is intelligence agencies are already exploiting them for their operations.

“Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation. They’ve likely sat on these things and quietly exploited them,” Soghoian said.

 Stay Tuned for further information …
[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  SS7 protocol, surveillance)


facebook linkedin twitter

ACLU American Civil Liberties Union eavesdropping GCHQ NSA SS7 protocol surveillance The Washington Post

you might also like

Pierluigi Paganini September 18, 2025
ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT
Read more
Pierluigi Paganini September 18, 2025
SonicWall warns customers to reset credentials after MySonicWall backups were exposed
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT

    Hacking / September 18, 2025

    SonicWall warns customers to reset credentials after MySonicWall backups were exposed

    Data Breach / September 18, 2025

    CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025

    Uncategorized / September 18, 2025

    Jaguar Land Rover will extend its production halt into a third week following a cyberattack

    Security / September 18, 2025

    China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

    APT / September 17, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT