Mobile networking experts from security firm Positive Technologies revealed last week a new attack that uses the SS7 mobile telecommunications protocol that allows attackers to impersonate mobile users and receive messages intended for other people.
Their proof-of-concept demonstration relied only on a cheap laptop running Linux and an SDK that enabled them to interact with the SS7 protocol.
SS7 protocol flaws are known since 2014
The Signaling System No. 7 (SS7) protocol is a standard developed in 1975 that allows telco operators to interconnect fixed line and/or mobile telephone networks.
The protocol was never updated to take into account the advancements made in current mobile technologies and remained grossly outdated.
