What is SS7 Vulnerability?
Security flaws in the SS7 telephone signaling protocol that allow attackers to intercept calls, read SMS messages, and track phone locations globally.
SS7 (Signaling System 7) is the protocol that connects phone networks worldwide. It was designed in the 1980s with no security — any network operator with SS7 access can exploit it.
What Attackers Can Do
- Intercept phone calls in real-time
- Read SMS text messages
- Track the location of any phone globally
- Redirect calls and texts to attacker-controlled numbers
Who Exploits It
- Intelligence agencies
- Surveillance companies selling tools to governments
- Criminal groups who purchase SS7 access
Why It Isn't Fixed
- Requires global coordination among all telecom carriers
- Legacy equipment can't be easily upgraded
- Some governments want the vulnerability to remain for surveillance
Protection
- Never use SMS for anything sensitive (especially 2FA)
- Use Signal or other E2E encrypted messengers for calls and texts
- VoIP numbers are not affected by SS7
- Assume your carrier can be compromised
Related Terms
IMSI Catcher
A device that impersonates a cell tower to intercept mobile phone communications and track the location of nearby devices.
SIM Swapping
A social engineering attack where an attacker convinces a mobile carrier to transfer your phone number to their SIM card, hijacking SMS-based authentication.
Two-Factor Authentication
A security method requiring two different types of identification to access an account: something you know (password) plus something you have (phone, hardware key) or something you are (biometric). This significantly reduces the risk of unauthorized access even if your password is compromised.
Have more questions?
Use our guided flow to get the right next privacy step for SS7 Vulnerability.
Open Guided Flow