SS7 (Common Channel Signaling System No. 7 or C7) has been the industry standard since, and hasn’t advanced much in decades. Its outdated security concepts make it especially vulnerable to hackers.
SS7’s success has also, in a way, been its curse, at least when it comes to cyber security. The SS7 protocol is used everywhere and is the leading protocol for connecting network communication worldwide.
As such, SS7 is an attacker’s best friend, giving them access to the same surveillance capabilities held by law enforcement and intelligence agencies.
How does SS7 work?
The set of SS7 telephony signaling protocols is responsible for setting up and terminating telephone calls over a digital signaling network to enable wireless cellular and wired connectivity. It is used to initiate most of the world’s public telephone calls over PSTN (Public Switched Telephone Network).
Over time other applications were integrated into SS7. This allowed for the introduction of new services like SMS, number translation, prepaid billing, call waiting/forwarding, conference calling, local number portability, and other mass-market services.
[Figure: components and elements that make up the SS7 protocol stack]
SS7 attacks are mobile cyber attacks that exploit security vulnerabilities in the SS7 protocol to compromise and intercept voice and SMS communications on a cellular network. Similar to a man-in-the-middle attack, SS7 attacks target mobile phone communications rather than Wi-Fi transmissions.
How do SS7 attacks work?
SS7 attacks exploit the authentication capability of communication protocols running atop the SS7 protocol to eavesdrop on voice and text communications. All a cyber criminal would need to successfully launch an SS7 attack is a computer running Linux and the SS7 SDK, both free to download from the Internet.
Once connected to an SS7 network, the hacker can target subscribers on the network while fooling the network into thinking the hacker device is actually an MSC/VLR node.
When a hacker successfully performs a MitM phishing attack, they gain access to the same amounts and types of information that are usually reserved for the use of security services. The ability to eavesdrop on calls and text messages, as well as on device locations, empowers hackers to gain valuable information.
A common security precaution used by many is one of the targets of SS7 attacks. Two-factor authentication (also known as 2FA) via SMS using SS7 is inherently flawed, as these SMS messages are unencrypted and hackers know how to intercept them. With the code from the SMS in hand, a cyber criminal can potentially reset the password to your Google, Facebook or WhatsApp account, or even your bank account.
HOW TO BYPASS OTP WITH SS7 ATTACK
BYPASSING OTP?
STONE AGE
People used to just enter their email and password to log in.
That is still the case for the majority of sites, but some have 2FA [OTP] as optional and some have it mandatory.
BECAUSE PEOPLE CAN HACK/CRACK YOUR EMAIL/PASS EASILY
WITH OTP, EVEN IF THEY CAN, THEY WON’T BE ABLE TO LOG IN
WHAT’S THE OTHER WAY ROUND THIS?
There are tons of other ways to bypass OTP, but the most popular, and a bit of HQ, is the SS7 attack.
Comment down below the thread if you want me to write those up too.
Because global telephone communication runs on it.
It is an old protocol but hasn’t been changed much.
What Tools Are Needed for This Attack?
Our friend roobbin has an app on his phone which lets him log in to his account after entering the credentials and an OTP generated in real time.
Then from there the HLR sends the request to the VLR [Virtual Location Register - it temporarily stores our mobile info until the connection times out].
SS7 fakes the VLR address and puts the hacker’s machine address in it. So, basically, we are tricking the system into believing our address to be the address of the user we need to get the OTP from.
Now you know what... the HLR will transmit the details to the fake VLR, and the hackers are going to get all the details flowing in and out of the victim’s mobile!
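The fake VLR registration described above reaches the home network as a location update from a VLR the subscriber could not plausibly have moved to. As an added example (not part of the original post), this Python check flags such updates in signaling logs; the record layout, global-title prefixes, time threshold and all sample values are constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumptions for this example: global-title prefixes and the time threshold.
HOME_PREFIXES = ("99901",)              # home network's own VLRs
PARTNER_PREFIXES = ("88801",)           # VLRs of roaming partners
MIN_ROAM_INTERVAL = timedelta(hours=1)  # shortest believable home-to-abroad gap

# Constructed records: (timestamp, IMSI, global title of the registering VLR).
SAMPLE_EVENTS = [
    ("2024-01-10T08:00:00", "999010000000002", "9990155500002"),
    ("2024-01-10T09:00:00", "999010000000001", "9990155500001"),
    ("2024-01-10T09:07:00", "999010000000001", "8880177700009"),  # abroad 7 min later
    ("2024-01-10T10:00:00", "999010000000003", "9990155500001"),
    ("2024-01-10T10:02:00", "999010000000003", "9990155500002"),  # move inside home network
    ("2024-01-10T11:00:00", "999010000000004", "7770133300004"),  # VLR in no known range
    ("2024-01-10T15:30:00", "999010000000002", "8880177700009"),  # abroad 7.5 h later
]

def is_home(vlr_gt):
    """True when the VLR global title belongs to the home network."""
    return vlr_gt.startswith(HOME_PREFIXES)

def suspicious_updates(events):
    """Return (imsi, vlr_gt, reason) for location updates to block or review."""
    last_seen = {}  # imsi -> (time, vlr_gt) of the last update that passed the checks
    alerts = []
    for ts, imsi, vlr in sorted(events):
        when = datetime.fromisoformat(ts)
        # Check 1: the registering VLR must be in a home or roaming-partner range.
        if not vlr.startswith(HOME_PREFIXES + PARTNER_PREFIXES):
            alerts.append((imsi, vlr, "unknown_vlr"))
            continue
        # Check 2: a jump from a home VLR to a foreign one must take a believable time.
        prev = last_seen.get(imsi)
        if prev and is_home(prev[1]) and not is_home(vlr) \
                and when - prev[0] < MIN_ROAM_INTERVAL:
            alerts.append((imsi, vlr, "implausible_move"))
            continue  # keep the last trusted location, not the rejected one
        last_seen[imsi] = (when, vlr)
    return alerts

if __name__ == "__main__":
    for alert in suspicious_updates(SAMPLE_EVENTS):
        print(alert)
```

Rejected updates are not stored as the subscriber's location, so a later legitimate update is still compared against the last trusted VLR.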