Journal:

How SS7 Vulnerabilities Put Your Privacy at Risk

In today’s hyper-connected world, our smartphones are vital to everyday activities—whether it’s making payments, sending personal messages, or navigating through GPS. But what if someone could intercept your calls and messages, track your location, or even steal your two-factor authentication codes—all without ever touching your phone? In a recent Veritasium video, cybersecurity experts demonstrated the shocking vulnerabilities of an outdated yet widely-used protocol called SS7 (Signaling System No. 7). Thankfully, solutions like OffGrid Faraday Bags offer a powerful way to protect your privacy in this increasingly vulnerable digital landscape.

 What is SS7 and Why Does It Matter?

 SS7 is a telecommunications protocol introduced in the 1980s that still underpins much of the global mobile infrastructure. It enables functions like call routing, billing, and roaming across networks. But its outdated architecture makes it an easy target for hackers who can exploit its weaknesses to intercept calls and messages, track your phone’s location, and even hijack your two-factor authentication (2FA) codes. The alarming fact is that SS7 vulnerabilities affect millions of phones worldwide, posing a real risk to everyone—especially high-profile targets like executives, activists, and public figures.

 How Steve Jobs and Wozniak Pioneered Phone Hacking

 Long before Apple revolutionized the tech industry, Steve Jobs and Steve Wozniak engineered an exploit that capitalized on vulnerabilities in the telephone system. They developed a device called the Blue Box, which could hack long-distance call systems, allowing free international calls. This early example of phone hacking set the stage for the more sophisticated exploits we see today with SS7.

 Modern SS7 Exploits: The Ease of Digital Eavesdropping

 In Veritasium’s video, the team demonstrates how they hacked into Linus Sebastian’s (from Linus Tech Tips) phone without ever physically accessing it. By exploiting the SS7 protocol, they intercepted calls meant for Linus on their own devices. This kind of attack can be executed in three basic steps:

 

Infiltrate SS7: Hackers gain access to the SS7 network, often by leasing a Global Title (GT) for as little as $13,000 a month from shady providers.

Gain Trust: Hackers then acquire the target’s IMSI (International Mobile Subscriber Identity), a unique code tied to your SIM card, allowing them to intercept calls and texts.

Launch the Attack: With access to SS7 and the target’s IMSI, hackers can reroute calls and messages to their own devices, leaving the target unaware.

 During the demonstration, Linus’s calls were intercepted and rerouted, proving just how vulnerable phone users are to SS7 hacks.

 The Tragic Case of Princess Latifa: When SS7 Attacks Become Deadly

 The vulnerability of SS7 isn’t just a theoretical concern—it has real-world consequences. Princess Latifa of Dubai was tracked down and captured after a daring escape from her country. Her whereabouts were exposed through an SS7 attack targeting the yacht captain’s phone, which allowed agents to pinpoint their exact location. This case highlights the grave risks that come with SS7 vulnerabilities, particularly for people trying to flee oppressive regimes or those under surveillance.

OffGrid Faraday Bags: A Strong Defense Against SS7 Exploits 

While the dangers of SS7 vulnerabilities are alarming, there are ways to protect yourself—and one of the most effective solutions is using OffGrid Faraday Bags. These specially designed bags block all wireless signals, preventing your phone from connecting to cell towers, Wi-Fi networks, and Bluetooth devices. When placed inside an OffGrid Faraday Bag, your phone becomes invisible to hackers trying to track your location or intercept your calls and messages via SS7. This makes them an excellent option for anyone concerned about privacy, particularly when traveling or in high-risk situations.

Other Steps to Protect Yourself from SS7 Hacks 

Besides using OffGrid Faraday Bags, there are additional steps you can take to minimize your exposure to SS7 vulnerabilities:

Avoid SMS-based Two-Factor Authentication: SMS-based 2FA is vulnerable to interception via SS7. Instead, use more secure methods such as authentication apps (e.g., Google Authenticator) or hardware tokens like YubiKey.

Use Encrypted Communication Apps: Opt for encrypted messaging and calling services like Signal or WhatsApp for sensitive conversations. These apps provide end-to-end encryption, making it much harder for hackers to intercept your communications, even if they infiltrate the SS7 network.

 Why SS7 is Still Around: The Legacy Problem

 Even though the SS7 protocol is outdated and vulnerable, it continues to be used because it underpins 2G and 3G networks. These older technologies are still in place across much of the world, making a complete transition to more secure 4G and 5G protocols slow. Unfortunately, this means SS7 vulnerabilities will persist for years, possibly decades, putting millions of devices at risk.

 A Wake-Up Call: The Future of Telecommunications Security

 The 5G signaling protocol offers more robust security features that can prevent SS7-style attacks. However, as long as SS7 is still used for routing calls between networks, the threat remains. And even once SS7 is phased out, new vulnerabilities will inevitably emerge in the future. That’s why staying informed and adopting protective measures—like using OffGrid Faraday Bags and encrypted communications—is essential for safeguarding your privacy.

 Conclusion: Take Control of Your Digital Security

 The world of digital communication is fraught with security challenges, and SS7 vulnerabilities are among the most concerning. From tracking your location to intercepting your two-factor authentication codes, hackers can exploit SS7 to gain access to sensitive information. However, with solutions like OffGrid Faraday Bags, you can significantly reduce your exposure to these threats, ensuring your phone remains secure even in the face of sophisticated SS7 attacks.

 For a deeper dive into SS7 vulnerabilities and a live demonstration of these hacks, check out the full video on Veritasium here.