So how can a target - a person, a household, a business or a country - be affected by SS7 and IMSI catchers?
With SS7 and IMSI catcher exploits you can intercept, disrupt and force offline voice, SMS, and data services, and remotely access microphone and camera, on mobile phones and other devices connected to cellular networks.
SS7 is a signalling system used to provide roaming, billing and other functionality between cellular networks. IMSI catchers are cellular communications interception systems. SS7 and IMSI catcher technologies are not new. IMSI catchers and SS7 have been in use for at least the last two decades.
The recipe for an attack against you personally, your household, your business or your country requires only a few simple ingredients.
First, a mobile phone or other device (such as a cellular connected tablet or laptop computer, or a micro controller for remote management of gas/water/electricity/traffic utilities infrastructure) needs to be used by and connected to a cellular network.
Second, the cellular network needs to be operating the SS7 system (almost all networks do). Alternatively, the attacker needs to be using an IMSI catcher near your location. An attack can also be fulfilled using SS7 and IMSI catcher exploits together.
Third, someone, some group or some entity or agency has the motive, skills and the means to want to locate, track and perhaps attack you through your cellular connected device.
Key points on SS7 and IMSI catcher cellular network and device exploits:
SS7 vulnerability and exploit mitigation primarily rests with cellular network carriers. Consider these questions: Are your state's or country's cellular network carriers safe? How do you know they are safe? Will they show independently verified proof that they're safe? Is your government demanding the carriers show independently verified proof of safety to the public?
IMSI catcher exploit mitigation doesn't necessarily rest with cellular network carriers. Consider these questions: Are you in a position of power or influence in your community, business or government? Would your adversaries want to know what you share with others and who those others are? What are you using with your communications technologies to prevent what you share with others from being intercepted by your adversaries?
SS7 and IMSI catcher attack mitigation on a particular type of mobile device is possible, but all other mobile devices do not mitigate these attack risks.
SS7 vulnerability and exploit mitigation can be proactively fulfilled with a comprehensive network penetration test from an independent expert third party, with deployment of a cellular network firewall system as a primary part of the mitigation solution.
IMSI catcher presence in the area or territory where you or your corporate or government entity operates, both onshore and overseas, can be detected, monitored and consequently mitigated in real time (by means such as counter-surveillance, or by locating, removing, disabling or destroying the IMSI catcher).
ARC Solutions is an information security and risk management consultancy. ARC Solutions is ESD America's authorised reseller of ESD Oversight (SS7 solution), ESD Overwatch (IMSI catcher solution) and ESD/GSMK Cryptophone (encrypted phone solution) in New Zealand, Fiji and Solomon Islands.
Contact ARC Solutions anytime to arrange a private, confidential, encrypted and secure conversation about how we can help you have and use secure mobile telecommunications.