The Good, the Bad, and the Encoding An SS7 Bypass Attack

There are two kinds of SS7 commands, my friend: the harmless ones… and the ones that can blow things up…

… Okay, that may be an exaggeration, however just like the characters in Spaghetti Westerns, the commands encountered in the SS7 landscape come in a wide range of shapes and sizes and can sometimes be difficult to interpret (or most importantly, process safely). SS7 commands (or PDUs) that are not processed correctly pose significant risks, potentially resulting in the equivalent of a signaling “zero-day” enabling any of the wide range of attacks possible via SS7.

A Fistful of Exploits

Several effective SS7 bypass attack techniques have emerged in the past few years, to bypass new defenses that have been put in place over time. While not numerous, they do emerge on a fairly regular basis, as would be expected from attackers who are paid large sums of money to devise new ways of avoiding defenses. A table summarizing the SS7 bypass attacks encountered in real-life over the last few years is below.

To read the complete article see: Link to full article 🌐