SS7 Most Awaited Attack Finally Revealed | Signaling System 7 | SS7 Attack Tutorial

To come directly to the topic: what is SS7? Signaling System 7 (SS7) is an international telecommunications standard that defines how network elements in a public switched telephone network (PSTN) exchange information over a digital signaling network. Nodes in an SS7 network are called signaling points.

This much information is easily available on Google; now let's go a bit beyond it.

SS7 Hacking:

To hack SS7 you just need a network and an SS7 script, but the thing is that it is nowhere to be found; the government has it, so I still have not got it, and even many advanced hackers have not got the script either.


But there is a way to do these kinds of activities, though it has limitations.

How to intercept mobile communications (calls and messages) easily?


The BSC (base station controller) is the brain for the BTS. It is the decision-making device and it decides switching among different BTSs. It also does switching of calls. The interface between the BSC and the BTS is called the GSM A-bis interface.

In our case we will use OpenBTS software to configure our software defined radio (SDR) platform, which is a basic radio set that can work as a radio or, with the help of OpenBTS and Linux, be converted into an OpenBTS base station. We will also use an Asterisk server, which helps with call switching and is very easy to configure as a BSC.

OpenBTS is open source software.
Asterisk Server is also open source.
Linux, as we all know, is also open source.
The software defined radio (SDR) platform is hardware which will cost you around 500-1000 USD.

How it Works

The BTS verifies which mobile device it is connecting to, but the mobile device doesn't verify the identity of the mobile network BTS it is connecting to. Handsets always choose the strongest signal, so if there is a new BTS with a stronger signal the mobile phone will always connect to it. In GSM the BTS decides whether to enable encryption or not, so our new OpenBTS station will not use encryption, so that we can listen to all the calls and SMS. The IMSI catcher does not have to break GSM encryption; it just acts as a base station and tells the phone to disable GSM encryption.
In order to spoof a network we will need some information: the mobile country code, the mobile network code and the network name. All this data can easily be found on the Internet, and we can program our OpenBTS with these values and configure IUSACELL or any network. After configuring these settings in our BTS, the mobile phones within range will start connecting to our OpenBTS.
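
From the defender's side, the three traits described above (a cell reusing the operator's country and network codes, a much stronger signal, and ciphering switched off) can be checked against a survey of known cells. The following is an added example, not part of the original post; the `CellObs` fields, the baseline set, the 15 dB margin and all sample values are constructed assumptions standing in for whatever a baseband diagnostic tool reports.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CellObs:
    mcc: str        # mobile country code
    mnc: str        # mobile network code
    lac: int        # location area code
    cid: int        # cell identity
    rssi_dbm: int   # received signal strength
    cipher: str     # negotiated GSM cipher; "A5/0" means no encryption

    @property
    def key(self):
        return (self.mcc, self.mnc, self.lac, self.cid)

# Constructed baseline: cells previously surveyed for the test PLMN 001/01.
BASELINE = {("001", "01", 100, 1111), ("001", "01", 100, 1112)}
STRONGER_BY_DB = 15  # assumed margin; tune it from a site survey

def suspicious_reasons(serving, neighbours, baseline=BASELINE):
    """List which rogue-BTS traits from the text the serving cell shows."""
    reasons = []
    if serving.cipher == "A5/0":
        reasons.append("ciphering disabled")
    if serving.key not in baseline:
        reasons.append("cell not in baseline")
        known = [n.rssi_dbm for n in neighbours if n.key in baseline]
        if known and serving.rssi_dbm - max(known) >= STRONGER_BY_DB:
            reasons.append("unknown cell far stronger than known cells")
    return reasons

def should_alert(serving, neighbours):
    # A single trait is noisy (legitimate new cells appear, ciphering can be
    # off for other reasons), so require at least two before alerting.
    return len(suspicious_reasons(serving, neighbours)) >= 2

# Constructed observations, not captured from a real network.
KNOWN_A = CellObs("001", "01", 100, 1111, -85, "A5/3")
KNOWN_B = CellObs("001", "01", 100, 1112, -92, "A5/1")
ROGUE = CellObs("001", "01", 999, 4242, -55, "A5/0")
NEW_SITE = CellObs("001", "01", 100, 1113, -88, "A5/3")

if __name__ == "__main__":
    for cell in (KNOWN_A, ROGUE, NEW_SITE):
        seen = [KNOWN_A, KNOWN_B]
        print(cell.key, suspicious_reasons(cell, seen), should_alert(cell, seen))
```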

We will also configure an Asterisk server, which will act as call switching software and also help us in listening to calls in real time or maybe recording them.

So that's all. I have taken help from a blog for this post, which is open source, and from Wikipedia also; there was a video on this on YouTube, but now it has been removed.

Don’t use this for illegal purposes. It’s a serious crime. It’s only for educational purposes.

Enjoy Hacking… 🙂

Surf Safe 🙂

