SS7 Vulnerability Mitigation

A number of significant vulnerabilities exists in the Signalling System 7 (SS7) core infrastructure of cellular network carriers. If carriers don't take appropriate actions to mitigate these vulnerabilities, users of the carriers' cellular networks (individuals, businesses, governments) are exposed on their mobile devices (and any other devices connected to cellular networks) to SS7-based hacking attacks.


The Vulnerabilities


A variety of SS7 vulnerabilities exist for street-level mobile phone localisation, data theft, remote call interception and more. Some basic examples include:

  • Real-time call interception: the call is routed
    to the attacker's system, the attacker bridges the
    call to the originally called party and records
    the conversation.


  • Billing fraud: one method of billing fraud is by the
    attacker using USSD codes to execute remote
    commands on behalf of the subscriber, transfer
    prepaid credits via USSD to the attacker, and
    forward call setting/deletion without the
    subscriber's knowledge.


  • Cell-level tracking: it is possible in cities to track
    subscribers down to street level; the HLR block/filter
    can be bypassed by querying the Visitors Location
    Register instead and still obtain the global cell ID
    for the subscriber.




The Solution - Detect, Protect and Penetration Test


For cellular carriers in NZ, Fiji and Solomon Islands and elsewhere across Polynesia and Melanesia, ARC Solutions can help you mitigate your nationwide cellular network risks from SS7 vulnerabilities through our partnership with ESD America/GSMK Cryptophone.


  • ESD Oversight Detect - provides the cellular network carrier an ongoing analysis of protocol data and alarm/logging of events. This is performed without network interference via a passive network tap connection.

  • ESD Oversight Protect - provides an active cellular firewall for the carrier's cellular network.

  • ESD Oversight Penetration Testing SS7 Vulnerabilities - provides a cellular carrier the means to find out to what extent network elements (HLR, VLR/MSC, SGSN) under the carrier's management are vulnerable to known SS7 attacks.


The benefits for carriers using our partners' solutions include reduced costs in billing fraud, safer networks through reduced unrecognised SS7 traffic requests and less foreign surveillance activity on the networks.


ARC Solutions is ESD America's authorised reseller of ESD Oversight, ESD Overwatch (IMSI catcher solution) and ESD/GSMK Cryptophone (encrypted phones).


Contact ARC Solutions anytime to arrange a private, confidential, encrypted and secure conversation about your carrier's or country's requirements.


Real time call interception using SS7
Billing fraud using SS7
Cell level attack using SS7