SS7 Attacks, 5G Networks, and the Evolution of Secure Authentication

Hey there! After a beautiful day in Zürich and Stuttgart, I decided to publish one of my old articles. As some of you may know, I’ve already presented this research at Atılım University under the Information Systems Community.
With this document, you’ll be able to see a summarised version of my research about SS7 and its weaknesses.


In today’s digital jungle, our personal and financial info is more exposed than ever. It’s crucial to wrap our heads around the vulnerabilities in both old-school telecom systems and the shiny new tech on the horizon. One major threat that keeps popping up is SS7 attacks, which target the signalling system used by most mobile networks worldwide. Sure, 5G is a step forward, but we still have our worries—especially with the rise of eSIM tech. In this piece, I’m diving into SS7 attacks, the challenges that come with eSIMs, and exploring 2FA methods that pack a bigger punch than your typical SMS.

Understanding SS7 Attacks

So, what’s SS7? It stands for Signalling System No. 7, a set of protocols that connect mobile networks and handle essential tasks like call forwarding, texting, and roaming between different carriers. It was dreamt up in the 70s, back when people thought security was a bit of an afterthought—like leaving your front door unlocked because you lived in a “safe neighbourhood.”

Fast forward to today, and guess what? Hackers have figured out how to exploit these SS7 weak spots. They can intercept SMS messages, eavesdrop on your calls, track your whereabouts, and even snatch those precious 2FA codes that you thought were safe. Basically, SS7 attacks throw open the doors to your mobile world, allowing some shady characters to stroll right in.

How SS7 Attacks Work

So how do the bad guys pull this off? They often masquerade as legit operators to wiggle their way into your mobile communications. Once they’re in the SS7 network, they can:

  1. Intercept SMS: They snag those 2FA codes sent through SMS, leaving your online accounts—like your bank—wide open to invasion.
  2. Track Your Location: Yep, SS7 lets attackers pinpoint where you are, shining a spotlight on your privacy (not cool!).
  3. Eavesdrop on Calls: By exploiting these vulnerabilities, they can listen in on your voice calls and catch sensitive info—talk about an invasion of privacy!

SS7 Vulnerabilities in the Age of 5G

Now, 5G is a big deal—it’s faster, with lower latency and more capacity compared to older networks like 3G and 4G. With this upgrade come enhanced security features, such as encrypted signalling and better user authentication. But here’s the catch: many networks are still dragging along outdated systems from 2G, 3G, and 4G, leaving them wide open for SS7 attacks.

While 5G is designed to tackle a lot of the SS7-related risk, it’s not a silver bullet. Cybercriminals can still take advantage of the legacy systems that hang around for backward compatibility. As we transition to a hybrid 4G-5G world, the potential for SS7 attacks remains very real.

eSIMs in 5G: The Double-Edged Sword

Enter eSIMs (embedded SIMs). They’re becoming the cool kids on the block, especially in new 5G devices. Unlike the traditional physical SIM cards, which you have to swap out, eSIMs are built into your device. They make switching carriers a breeze, but they also bring some gnarly security issues to the table:

  1. Remote Exploitation: eSIMs can be reprogrammed remotely, so if a hacker gains access to the eSIM management system, they can reroute your device to a different carrier—essentially stealing your number.
  2. Provisioning Vulnerabilities: If provisioning services are hacked, an attacker wouldn’t need to touch your device to take control of your mobile account. Yikes.
  3. SS7 Compatibility: eSIM devices still connect through networks that rely on good old SS7 for signalling, making them susceptible to the same attacks that plague legacy systems.

Looking at Alternative 2FA Methods: Beyond SMS

Let’s get real: sticking with SMS for 2FA is risky business, given SS7 vulnerabilities. While it was a go-to option not too long ago, there are way better alternatives that offer solid protection against hijacking. Here are some of the stronger 2FA methods out there:

  1. App-Based Authentication: Think Google Authenticator, Microsoft Authenticator, or Authy. These apps generate one-time passwords (OTPs) right on your phone—no SMS involved! Since these codes don’t travel over mobile networks, they’re much harder for attackers to snag.
  2. Hardware Tokens: Devices like YubiKey or Google Titan are your best buddies. They require you to physically plug in a key to access your accounts, which makes remote attacks super tough to pull off.
  3. Web-Based Messaging Services: Many organisations are ditching SMS for secure apps like WhatsApp, Signal, and Telegram, which use end-to-end encryption. Sure, they’re more secure, but keep in mind that SIM-swapping can still pose risks.
  4. Push Notifications: Apps like Duo or Google’s integrated systems send you login prompts that you can approve right from your phone. By skipping SMS, this method dodges SS7 interception.
  5. Biometric Authentication: Fingerprints, facial recognition, or iris scans add a layer of security by tying authentication to your unique physical traits. Just remember, unlike passwords, you can’t change your biometric data if it gets compromised.

The Future of Secure Mobile Communications

As we venture deeper into the 5G era, many old vulnerabilities like SS7 attacks will start to fade, though they won’t disappear overnight. SS7 remains a chink in the armour for many current mobile networks, and while eSIM technology carries some innovative perks, it’s not without its share of challenges.

To keep our communications safe and secure against SS7 vulnerabilities and eSIM risks, we all need to up our game with more robust authentication methods—think app-based OTPs, hardware tokens, and secure web messaging. By making this shift, we can protect our sensitive info and start moving away from the vulnerabilities tied to SMS-based 2FA and outdated telecom protocols.

Conclusion

SS7 attacks expose serious flaws in the mobile network setup, even with advancements like 5G and eSIMs. As these new technologies gain traction, it’s crucial to remain vigilant about the risks that legacy systems pose. Implementing stronger authentication methods—like app-based solutions, push notifications, and hardware tokens—is a smart move.

As cyber threats get increasingly sophisticated, fortifying security measures at both individual and network levels is key. By stepping away from outdated systems like SMS for 2FA and embracing the latest security advancements, we can create a safer, more secure environment for mobile communications. Let’s make sure we’re ready for whatever challenges come our way!


You can follow my journey and join the conversation on smsk.dev or GitHub. Let’s continue to share and engineer solutions to the world’s challenges together!


ABOUT ME

Hey there! I’m Metin, also known as devsimsek—a young, self-taught developer from Turkey. I’ve been coding since 2009, which means I’ve had plenty of time to make mistakes (and learn from them…mostly).

I love tinkering with web development and DevOps, and I’ve dipped my toes in numerous programming languages—some of them even willingly! When I’m not debugging my latest projects, you can find me dreaming up new ideas or wondering why my code just won’t work (it’s clearly a conspiracy).

Join me on this wild ride of coding, creativity, and maybe a few bad jokes along the way!