What Is SS7 and Why Does It Matter?

Signaling System No. 7 (SS7) is a set of telephony protocols developed in 1975 that underpins nearly every voice call, SMS message, and roaming connection made worldwide. Despite its age, SS7 remains the backbone of global telecommunications — and it was designed in an era when network access was tightly controlled and trust between carriers was assumed.

That assumption of trust is now a severe liability. Because any entity with access to the SS7 network can send protocol messages, attackers who gain entry can exploit the system to intercept calls, read text messages, and track users' physical locations — all without ever touching the victim's device.

How SS7 Attacks Work

SS7 exploits generally fall into three categories:

  • Location Tracking: By sending specific SS7 "Any Time Interrogation" (ATI) queries to a carrier, an attacker can retrieve a subscriber's approximate location — often without any visible indication to the victim.
  • Call and SMS Interception: Attackers can reroute calls and SMS messages through their own systems before forwarding them to the intended recipient. This is especially dangerous for SMS-based two-factor authentication (2FA), as one-time passwords can be silently captured.
  • Denial of Service: Malicious SS7 messages can deregister a subscriber from their home network, effectively cutting off their service — a tactic sometimes used ahead of SIM swap fraud.

Who Is at Risk?

While the average consumer is unlikely to be individually targeted, high-value individuals — executives, politicians, journalists, and activists — face genuine risk. More broadly, organizations that rely on SMS-based authentication for employee logins or customer accounts are exposed to credential theft at scale.

What Carriers Are Doing About It

The telecom industry has acknowledged SS7 vulnerabilities for years, and several mitigation strategies are in use:

  1. SS7 Firewalls: Carriers deploy specialized firewalls that filter abnormal or unauthorized SS7 messages at network ingress points.
  2. Message Filtering Rules: Blocking ATI queries and unsolicited location requests from unknown or untrusted nodes reduces the attack surface.
  3. Diameter Monitoring: Modern 4G/LTE networks use the Diameter protocol, which introduces similar risks. Monitoring for anomalous Diameter traffic is now a standard security practice.
  4. Migration to 5G: 5G's architecture addresses many legacy signaling weaknesses by requiring mutual authentication between network nodes, though the transition will take many years.

What You Can Do to Protect Yourself

End users cannot fix SS7 directly, but they can reduce their exposure:

  • Replace SMS-based 2FA with authenticator apps (such as TOTP-based apps) or hardware security keys wherever possible.
  • Use end-to-end encrypted messaging apps rather than standard SMS for sensitive communications.
  • Be aware of unexplained service outages, which may indicate a deregistration attack.
  • Enterprises should conduct telecom security assessments to identify which systems still rely on SMS authentication.

The Bigger Picture

SS7 vulnerabilities are a stark reminder that critical infrastructure built decades ago often carries security assumptions that no longer hold. While full remediation requires industry-wide action and continued migration to modern protocols, awareness is the first line of defense. Individuals and organizations that understand these risks can take practical steps to reduce their exposure today.