Mobile networking experts from security firm Positive Technologies revealed last week a new attack that uses the SS7 mobile telecommunications protocol that allows attackers to impersonate mobile users and receive messages intended for other people.

Their proof-of-concept demonstration relied only on a cheap laptop running Linux and an SDK that enabled them to interact with the SS7 protocol.

SS7 protocol flaws are known since 2014
The Signaling System No. 7 (SS7) protocol is a standard developed in 1975 that allows telco operators to interconnect fixed line and/or mobile telephone networks.

The protocol was never updated to take into account the advancements made in current mobile technologies and remained grossly outdated.

Many security experts have warned about its lack of proper security measures ever since 2014. Infamous are two talks given by researchers at the 31st Chaos Communication Congress in Germany. Positive Technologies was also one of those companies, releasing an in-depth report about the protocol's issues in December 2014.

More recently, the protocol was subjected to public criticism after a CBS researcher with the help of a German security firm, used SS7 weaknesses to track and spy on a US elected official.


Full Article: SS7 Attack Circumvents WhatsApp and Telegram Encryption
  • Like
Reactions: DardiM and Jrs30