Attacks on SS7 - how safe is my data?


A few days ago reports emerged that attackers have exploited a weakness in a communication protocol which is used for SMS services by mobile carriers. This has increased the susceptibility of processes such as mTAN significantly. We will take a look at the facts and backgrounds as well as measures you can take to stay secure.

What is SS7?

In short, SS7 is a communication protocol suite. It was developed in 1975 and has since been in use by phone and mobile carriers for a number of purposes, such as call routing, billing and delivery of text messaages. Providers can make sure that the caller is billed for the air time and that text messages arrive where they are supposed to. The protocol suite is also used to determine whether or not a SIM card is still valid or not. It allows porting phone numbers as well. Its primary use is for communications between access nodes within and across carrier networks.  It also enables carriers to locate a device with relative precision within 50 meters. There is a legitimate reason for this as well: a provider needs this information to enable a phone call to be switched from one cell tower to the next without dropping the connection (e.g. if you are driving). Otherwise the connection would drop each time a new cell tower is contacted during a conversation.

How secure is SS7?

At the time the protocol was developed, many modern threat scenarios did not exist. Therefore, the protocols that are part of SS7 are inherently insecure. It would be incorrect, though, to speak of  a security flaw, since security as we understand it today, was never part of the project to begin with. And something that was not part of it cannot really be "broken". If you are of a cynical nature, you might even say "It's not a bug, it's a feature".  The protocol still works to this day. This may sound like splitting hair, but it is important in this case: we are dealing with a protocol that is about 45 years old and in use across the globe. It is universally compatible and allows cooperationo between different national as well as international carriers. In this kind of ecosystem, fundamental changes can only be implemented in long-term projects, if at all.  In retrospect you would be right to see this as a "design flaw", but this is as far as you could go. Otherwise you would have had to predict the intire development that the internet would undergo as early as the 1980s. After all, the internet that we all know today did not exist back then and it's predecessor, ARPANet, was only accessible for a select few. The security of SS7 relied on the fact that the required technology was only accessible to telco providers and not available for the average person. By the way, SS7 is by no means the only technology that has been in use for the past few decades practically unchanged and is considered insecure by modern standards: since about 1986, the automotive industry has been using (and is still using) the CANBUS system. It is responsible for communications between different parts of the electronic innards of a car. In its original form it also did not have any authentication built in.  Security was subsequently added as an afterthought.

Risk potential

Many users are worried about those reports, and understandably so. After all, the attacks on the protocol's functions make it possible to intercept and eavesdrop on phone calls. However, this is not a new phenomenon by any stretch: researchers have been warning about possible abuse scenarios as early as 2010. In 2014, a researcher demonstrated some attacks against SMS services during the Chaos Computer Congress in Hamburg, Germany. The main issue is that any SMS based authentication methods (such as mTAN) are now at risk from attacks and compromise. So far this has only been an academic matter for which only a proof of concept existed. Now criminals have made use of the method to go on a heist, using the weaknesses of SS7. So if you are using mTAN to secure your online banking, you are at risk, as the report (source in German) on the heist shows. In this attack, data gleaned from phishing campaigns was used to intercept TANs what were sent via SMS . Those TANs were then used to perform transactions in favor of the criminals.

Which data is not at risk?

Although the reports paint a rather sinister and dramatic picture, all is not lost: Data transmissions are not at risk from being attacked using the SS7 vulnerabilities. A criminal is able to divert calls or SMS text messages by attacking SS7, but he will not have access to the data link from a device. This is also true for any data that is processed on a PC, even if a mobile internet uplink is used.

How can I protect myself?

Since the SS7 attacks are not directed against your devices but against the carrier's infrastructure, there are only limited capabilities to counter the threat from a mobile phone user's perspective. By now, carriers have reacted and taken measures that make it difficult to exploit SS7 weaknesses without putting in a significant amount of effort. For instance, in Germany, there was only one carrier still susceptible to the described attacks at the time this article was written (May 8, 2017). The most effective way to make mTAN based online banking secure again is to use alternative means of transaction authorization. In fact, as soon as the first reports about the possibility to compromise the SMS channel, security experts have recommended in no uncertain terms to abandon this method of authentication. Those concerns have now been confirmed. For all intents and purposes, the security of the SMS channel must be considered "broken" since it can be compromised without the user being aware of it. For a while, banks (at least in Germany) have disabled mTAN for customers who use the bank's own app on their mobile devices. Banks now recommend to use the ChipTAN process which involves a second physical device into which the ATM card is inserted. In order to generate a TAN for a transaction, all the user needs to do is insert his card and press a button. Some online platforms also use SMS to transmit one-time passwords as part of a multifactor authentication. If the platforms you use offer this possibility, you can also switch to a hardware-based token (e.g. Yubikey) for login authentication. There is also a possibility to use an app for this which generates one-time passwords for  configured services, so this is also an option you may want to look into.

To protect voice calls from eavesdropping, alternative methods for voice services can be used. As mentioned earlier, data links are not susceptible to the attacks described here. WhatsApp and other messengers such as Signal also offer voice communication via an encrypted connection. In any case, the attacks against SS7 puts phishing in the spotlight again, since data collected in phishing campaigns can be used to mount an attack against individual users.