SS7: The Silent Threat Inside Your Phone

Mr. WhoMr. Who
4 min read

In a recent eye-opening episode of Linus Tech Tips, tech influencer Linus Sebastian teamed up with science communicator Derek Muller (from Veritasium) to expose a shocking vulnerability in the global mobile communication system. What they discovered wasn’t just a theoretical issue—it’s a real threat that puts millions of people at risk, every day.

They uncovered how an outdated but still widely used system called SS7 (Signaling System No. 7) can be hacked to intercept phone calls, read texts, and track users—all without them ever knowing.

Let’s break it down in simple terms.

📞 What is SS7?

SS7 is a telecom signaling protocol developed in 1975. Think of it as the system that allows different phone networks (like AT&T, Vodafone, etc.) to talk to each other behind the scenes. It enables things like:

  • Call forwarding

  • Roaming between countries

  • SMS delivery

  • Caller ID

Back then, security wasn’t a big concern. The assumption was that only trusted phone companies would be using this system.

But fast-forward to today: over 1,200 telecom operators are connected to SS7. And not all of them are trustworthy.

😱 How Easy Is It to Hack?

In the video, Linus and Derek work with cybersecurity experts Karsten Nohl and Alexandre De Oliveira to demonstrate a real-world SS7 hack. They successfully:

  1. Intercept Linus’s phone calls

  2. Read his text messages

  3. Track his location—all remotely

And they did it using a three-step process that even a moderately skilled hacker could replicate with enough determination:

  1. Gain access to SS7 – by working with or infiltrating a telecom provider (especially in regions with lax oversight).

  2. Establish trust – SS7 networks trust each other too easily, so once inside, attackers are treated as “legit.”

  3. Launch the attack – rerouting calls, forwarding texts, or pinpointing a device’s location.

👑 A Real-World Victim: Princess Latifa

This isn’t just a geeky experiment. The video recounts the story of Princess Latifa of Dubai, who tried to escape her country and live freely. Unfortunately, her location was tracked down using an SS7 exploit, and she was captured.

That’s a chilling reminder: this technology can be used not just by criminals, but by governments, too.

🔐 Why SMS-Based Two-Factor Authentication Is Broken

You’ve probably used two-factor authentication (2FA) before—where you receive a text message with a code to log into your bank or email.

Here’s the problem: if someone hacks into SS7, they can intercept that SMS code and log into your accounts without needing your password.

The experts strongly recommend stopping the use of SMS-based 2FA and switching to safer alternatives:

  • Authenticator apps (like Google Authenticator or Authy)

  • Hardware tokens (like YubiKey)

🧠 Why Haven’t We Fixed This?

You might be wondering: “If SS7 is so dangerous, why is it still in use?”

That’s a great question—and the answer is frustrating:

  • SS7 is deeply embedded in global telecom infrastructure.

  • Updating it requires massive coordination between hundreds of telecom providers.

  • Replacing it is expensive and time-consuming.

  • New systems like Diameter (used in 4G/5G) still rely partly on SS7 for compatibility.

Until we fully retire SS7, everyone remains vulnerable—even if they’re using the latest smartphones.

🔎 What You Can Do to Protect Yourself

While you can’t personally fix the global telecom system, you can take steps to protect your digital privacy:

✅ Use App-Based or Hardware-Based 2FA

Avoid SMS codes. Use Google Authenticator, Authy, or a hardware key.

✅ Encrypt Your Messages

Switch to secure messaging apps like:

  • Signal

  • WhatsApp (end-to-end encrypted)

  • Telegram (secret chats only)

✅ Stay Informed

Follow trusted cybersecurity channels and tech news. Awareness is your first line of defense.

✅ Watch for Unusual Activity

If your texts or calls start behaving oddly—or if you suddenly lose signal—someone might be tampering with your connection.

⚠️ Final Thoughts: A Wake-Up Call

The Linus Tech Tips episode serves as a powerful reminder: our mobile networks aren’t as safe as we think. And while SS7 might sound like an obscure piece of technology, it touches nearly every phone call and text message on the planet.

The good news? By taking a few simple precautions, you can greatly reduce your personal risk.

The bad news? Until telecom companies overhaul their systems, this remains a global security ticking time bomb.

🔐 Stay safe. Stay informed. And never assume your phone is as private as it feels.

0
Subscribe to my newsletter

Read articles from Mr. Who directly inside your inbox. Subscribe to the newsletter, and don't miss out.

ss7hacker#cybersecurity

Written by

Mr. Who
Mr. Who