The C7 / SS7 mobile phone vulnerability - ouch!

The security flaws within the system that brokers connections, billing and transfers messages between phone networks – called Signalling System No 7 (SS7), also known as C7 in the UK or CCSS7 in the US – allow remote access to mobile phone users’ data anywhere in the world regardless of the security of their smartphone, using just their phone number.


We definitely have to look at all systems and have security at the core of all networks. This is just another example of tagging band-aids onto networks to make them secure. It just does not work.


As a beginner, I can see ways of bootstrapping a SAFEphone. It is doable in some kludgy form even without a compute layer:

If there is a few seconds latency then you can at least have a half-duplex conversation in the manner of a walkie-talkie.

You start with messaging, and a text-to-speech program. In that way you get anonymity as well as privacy (making a virtue of necessity) and no metadata of any kind.

After that I would find a SIP programming library (C++ is well-catered for, nothing for Rust that I could find) and then consider how to layer it on SAFE messaging. But that’s well beyond my present skill-level.


SafeOS, how would it work and what can we do today to make it happen?

Waiting for zksnarks isn’t feasible. Once the 1.0 network is up, will MaidSafe be reconfiguring Tails for SAFE?


As noted by many, this flaw in SS7 has been exploited by more than just dark players on the net.

You’re missing the most important part of all, which is securing the physical hardware.

We need an open source way to ensure that a circuit/cpu is exactly the same as a free specification. I’ve been tossing around the idea of using optics bouncing off transistors that projects a pattern that can be verified visually/electronically.

Redesign it from the ground-up. Take out the cellular portion because I don’t think it’s realistic right now that it’s secure when connected to cell-providers. It would be purely wifi/mesh-network connection (lacks distance but is very viable).


This was mentioned earlier in another topic

The main hack of listening in to phone calls is in the mobile network itself and not the phones. The SS7 Crack allows listening in on phone calls in the mobile network, not the phone.

The phone hack 60 Minutes mentioned required the user to install a malware crack.

So if you are going to use the mobile network then it does not matter how secure your phone is, the crackers can listen in through the mobile network hardware by hacking the SS7.


Not true.

From the article:

In this case, when I downloaded the attachment, Hering was able to take control of my phone. But Congressman Lieu didn’t have to do anything to get attacked.


And if you read it, the Congressman hack was the SS7 crack, not a phone hack.

neo wrote:
The main hack of listening in to phone calls is in the mobile network itself and not the phones. The SS7 Crack allows listening in on phone calls in the mobile network, not the phone.

phone ---->   mobile network ----->  phone
                    SS7 hack

I was responding to this, because they showed both the SS7 hack and the malware attachment hack.

I wanted to make sure people understand the hack is a global issue they can’t control, whereas installing malware is relatively easy to avoid.

Edit: I think we’re on the same side lol


I think so too.

But saying the phone hack of the phone was not true is not correct.

There were 2 separate things they reported on, and they themselves did a little conflating of issues.

The hack of the phone to see what the camera saw required the user to install malware.

The listening in on phone calls and locating the phone was independent of the phone and was a hack of the mobile network.

That’s all I was saying.

Hahaha that’s what I was saying too.

Reminds me of CoD/Halo back in the day over the mic: “SAME TEAM!! SAME TEAM!!”


No, you were saying that the most important factor is security of the hardware and then you dream about unobtainium.

Bypassing the public network, the source of the attack, is doable once messaging is here.

Would you need a transparent design? Or one visible from both sides? How do you know about middle layers?

I wonder if there is a test that could be similar to what is used in radionic medicine. It’s a resonance test: if you can isolate the structure with your test, you look for a frequency match. It’s a crystalline structure and it’s like going tuning fork to tuning fork. You run the optics test as well, as some software test