Why bother to teach an old dog new tricks when the old ones are still working well?
You may well ask! A recent piece in El Reg ‘Stingray phone stalker tech used near White House, SS7 abused to steal US citizen’s data is a salient reminder that sometimes the old ones are the best.
The SS7 vulnerability is well documented, and indeed it was one of the first topics that we wrote about in this blog (What’s up with WhatsApp).
To recap, SS7 stands for Signalling System No 7 (also called the Common Channel Signalling System 7 in the US or Channel Interoffice Signalling 7 in the UK), and is the system that connects mobile phone and landline networks to each other. SS7 protocols enable phone networks to exchange information needed to process calls and text messages across disparate networks (including roaming on foreign networks), and to ensure correct billing. It also enables local number portability, prepaid payments, SMS and number translation. However, SS7 was designed nearly 40 years ago, long before phone hacking was considered a serious threat and flaws in SS7 enable an attacker to mimic a victim’s device.
This particular hack is typically used to steal personal data and to snoop. While it is used by nation states, there is equipment available on the dark web for a few hundred bucks (see: With prices like these – anyone could be listening to your mobile calls!) that brings this type of hack into the domain of almost any tech-savvy criminal.
If it can happen near the White House, it can happen anywhere. Time to review your mobile phone security. If you or your staff discuss details of sensitive deals, intellectual property, confidential meetings, or industrial/commercial secrets by mobile, using voice, video, message/text, or send attachments, and if you want them to remain private, you need to use a seriously secure mobile comms service.
Contact us today for more information:
Tel: +44 (0)20 36 37 38 01