SS7 Attacks Continue to Plague Telecom Networks, Enabling Surveillance and Fraud

A new report from the telecommunications security firm GSMA reveals that attacks exploiting vulnerabilities in the Signaling System 7 (SS7) protocol continue to plague mobile networks worldwide, enabling surveillance, financial fraud, and privacy violations on a massive scale.

SS7 is a decades-old protocol that enables mobile carriers to exchange information for routing calls and messages across networks. Security researchers have been warning about its vulnerabilities since at least 2014, but the report finds that remediation efforts have been "dangerously inadequate."

"We've identified over 2,000 distinct attack campaigns targeting SS7 networks in the past year alone," said James Sullivan, head of threat intelligence at GSMA. "These attacks are being used for everything from surveillance of high-profile targets to large-scale banking fraud."

The most common attack involves hijacking SMS messages to intercept two-factor authentication codes, allowing attackers to take over victims' bank accounts, email, and social media profiles. In 2025, SS7 SMS interception was linked to over $500 million in financial fraud globally.

Nation-state actors are also exploiting SS7 for surveillance purposes. The report documents cases where governments have used commercial SS7 access services to track the location and intercept communications of journalists, activists, and political opponents.

"The fundamental problem is that SS7 was designed in an era when all network participants were trusted," explained Dr. Karsten Nohl, a security researcher who first demonstrated SS7 attacks publicly in 2014. "Fixing it requires either replacing the entire protocol or implementing filtering measures that carriers have been reluctant to deploy."

The GSMA is urging carriers to implement SS7 firewalls and anomaly detection systems, though the report acknowledges that many smaller carriers lack the resources or expertise to do so effectively.