sundance-communications.com/forum Forums General Telecom News SS7 SECURITY VULNERABILITY

Wow, read it and then googled it, I found the some coding and blue prints on this site.

The information at Protocols.com has been available for 20+ years. The SS7 specification is a CCITT specification that was originally developed by the Bell System and was adopted by the Bell System before the other CCITT members adopted it.

The primary flaw in the SS7 is the "operation keys" used to maintain integrity of the circuit. When the system was first introduced as a "security" measure to keep central offices from going off line, the common term used was the "SS7 Ring." The term meant that ANY CO in the operating company's "ring" of offices could take over the switching load of a CO in trouble. This would insure the integrity of the network and prevent outages like the one in Manhattan after the big CO fire.

From a CO perspective, SS7 is practically bomb proof. BellCore introduced 256 bit encryption and RSA matching keys. The requester has to know the secret key of the provider before the provider will release the operating key. The keys are randomly changed every few seconds, so the possibility of a hacker figuring out a key is nearly impossible. Even if a hacker could happen on a requester key, by the time it was implemented, the operating key would have changed.

The cell companies, however, in an effort to maximize profits and reduce "maintenance bandwidth," opted for the less secure 64 bit one way encryption which does not use paired keys and is actually a wide open playground for a savvy hacker.

Rcaman