Exploit SS7 to Redirect Phone Calls/SMS

An adversary could exploit signaling system vulnerabilities to redirect calls or text messages (SMS) to a phone number under the attacker's control. The adversary could then act as a man-in-the-middle to intercept or manipulate the communication. [1] [2] [3] [4] [5] Interception of SMS messages could enable adversaries to obtain authentication codes used for multi-factor authentication[6].

ID: T1449
Tactic Type: Without Adversary Device Access
Tactic: Network Effects
Platform: Android, iOS
MTC ID: CEL-37
Version: 1.1

Mitigations

Mitigation Description
Encrypt Network Traffic

Use of end-to-end encryption of voice calls and text messages "provides another layer in the defense against potential information compromise by SS7 enabled eavesdropping."[5]

Interconnection Filtering

Detection

Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation as described by the Communications, Security, Reliability, and Interoperability Council (CSRIC). [5] The CSRIC also suggests threat information sharing between telecommunications industry members.

References