Exploit SS7 to Redirect Phone Calls/SMS
An adversary could exploit signaling system vulnerabilities to redirect calls or text messages (SMS) to a phone number under the attacker's control. The adversary could then act as a man-in-the-middle to intercept or manipulate the communication.      Interception of SMS messages could enable adversaries to obtain authentication codes used for multi-factor authentication.
|M1009||Encrypt Network Traffic||
Use of end-to-end encryption of voice calls and text messages "provides another layer in the defense against potential information compromise by SS7 enabled eavesdropping."
Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation as described by the Communications, Security, Reliability, and Interoperability Council (CSRIC).  The CSRIC also suggests threat information sharing between telecommunications industry members.
- Tobias Engel. (2014, December). SS7: Locate. Track. Manipulate.. Retrieved December 19, 2016.
- Tobias Engel. (2008, December). Locating Mobile Phones using SS7. Retrieved December 19, 2016.
- 3GPP. (2000, January). A Guide to 3rd Generation Security. Retrieved December 19, 2016.
- Positive Technologies. (n.d.). SS7 Attack Discovery. Retrieved December 19, 2016.
- Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.
- Iain Thomson. (2017, May 3). After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts. Retrieved November 8, 2018.
- Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert. (2020, December 1). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. Retrieved December 23, 2020.