Text Messages and Hackers

Not many people know exactly what happens when they send a text message or make a call from their cell phone. The behind the scenes of telephony can seem complex and headache inducing but there are some things you should probably know about it. One of these things you should be made aware of is a set of signaling protocols developed in 1975 cleverly named the Signaling System Number 7, or SS7.

SS7 is a set of protocols which are used to setup and tear down most of the world’s PSTN (Public Switched Telephone Network) phone calls, local number portability, perform number translation, prepaid billing and SMS. SS7 is also considered a very insecure protocol after vulnerabilities that allow cell phone users to be secretly tracked using SS7 was publicized in 2008. In May 2017, O2 Telefonica, a German service provider, confirmed that attackers had exploited SS7 and used it to gain access to victims’ bank accounts, making unauthorized withdrawals by routing the two-factor authentication (2FA) SMS codes that the bank sends to the users’ cellphone, to the attacker’s phone.

How can you protect yourself from this SS7 vulnerability? Unfortunately, you can’t, every person with a cellphone needs SS7 to call or text each other. What you can do however is use different types of two-factor authentication like hardware or software tokens if available and use end-to-end encryption services like Signal to make calls and texts over the internet. There are even applications that can help detect if you’re being monitored like SnoopSnitch, developed by Karsten Nohls – a hacker from Security Research Labs, which can be installed on many Android phones to detect mobile network abuse.

Keeping yourself and your data protected may seem like an impossible task now a days but when you follow best practices, stay patched, keep up on the latest news and always be aware, you might just get out with only a scratch. To learn more about how to protect yourself and your business contact Thrive today!