In the mid-1960s, a group of skilled hackers known as “phone phreaks” discovered that a whistle in a toy could manipulate phone networks, allowing them to make free calls by exploiting the telecommunications system.
In 1980, the telecommunications industry responded to these hacks by introducing the Signaling System 7 (SS7) protocol, a sophisticated system designed to thwart such intrusions.
However, over the decades, this once-effective solution has become a glaring security loophole in our modern era, characterized by the widespread use of mobile phones, as noted in a report by The Economist.
The SS7 protocol, a pioneering innovation in its time, created a robust framework for managing voice and data signals separately, effectively ending the era of phone hacking. But as telecommunications technology evolved, so did the threats. It became easy for network hackers to bypass the old security measures.
Some governments have exploited these security loopholes. Reports indicate that Russian authorities used the SS7 protocol to track dissenters, and earlier this year, the SS7 protocol within the United States was targeted in similar attacks.
The protocol was designed on a basis of trust rather than security. When it was first introduced, only a few telecommunications companies could use it, eliminating the need for intensive security measures. But with the evolution of telecommunications, thousands of companies, many of them private, now have access to this protocol.
The global expansion of the protocol is both a strength and a weakness. It requires coordinated efforts between telecommunications companies and regulatory bodies to mitigate these risks.
Solutions to the weaknesses in this protocol include using filters to monitor and block suspicious data traffic, providing two-factor authentication codes via apps rather than SMS, and relying on end-to-end encrypted messaging apps.
If protection measures are applied by some companies and ignored by others, the system as a whole remains vulnerable. Therefore, international intervention is necessary to enforce comprehensive security measures in the field of telecommunications.
