T1449 Exploit SS7 to Redirect Phone Calls/SMS
An adversary could exploit signaling system vulnerabilities to redirect calls or text messages (SMS) to a phone number under the attacker’s control. The adversary could then act as an adversary-in-the-middle to intercept or manipulate the communication. 1 2 3 4 5 Interception of SMS messages could enable adversaries to obtain authentication codes used for multi-factor authentication6.
| Item | Value |
|---|---|
| ID | T1449 |
| Sub-techniques | |
| Tactics | TA0038 |
| Platforms | Android, iOS |
| Version | 1.2 |
| Created | 25 October 2017 |
| Last Modified | 28 July 2021 |
Procedure Examples
| ID | Name | Description |
|---|---|---|
| S0602 | Circles | Circles can intercept voice calls and SMS messages.7 |
Mitigations
| ID | Mitigation | Description |
|---|---|---|
| M1009 | Encrypt Network Traffic | Use of end-to-end encryption of voice calls and text messages “provides another layer in the defense against potential information compromise by SS7 enabled eavesdropping.”5 |
| M1014 | Interconnection Filtering | - |
References
-
Tobias Engel. (2014, December). SS7: Locate. Track. Manipulate.. Retrieved December 19, 2016. ↩
-
Tobias Engel. (2008, December). Locating Mobile Phones using SS7. Retrieved December 19, 2016. ↩
-
3GPP. (2000, January). A Guide to 3rd Generation Security. Retrieved December 19, 2016. ↩
-
Positive Technologies. (n.d.). SS7 Attack Discovery. Retrieved December 19, 2016. ↩
-
Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017. ↩↩
-
Iain Thomson. (2017, May 3). After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts. Retrieved November 8, 2018. ↩
-
Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert. (2020, December 1). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. Retrieved December 23, 2020. ↩