SS7 Attack
An exploitation of decades-old telephone network signalling protocols to redirect calls and SMS messages, enabling location tracking and two-factor code interception.
Also known as: SS7 exploit, signalling system 7 hack, SS7 interception, SS7 vulnerability
Last reviewed: 10 June 2026
Signalling System 7 (SS7) is the protocol suite that phone networks worldwide use to route calls and texts across carriers. Designed in the 1970s, SS7 was built for a closed network of trusted operators and has almost no authentication. Anyone with access to the SS7 network — a telco insider, a rogue operator, or an attacker who has obtained gateway access — can send messages to any number: redirecting calls to another line, intercepting SMS messages in transit, or querying the location of a device to within a few hundred metres.
SS7 attacks against SMS-based two-factor authentication have been publicly documented in attacks on banking apps and cryptocurrency accounts. An attacker who has already compromised a victim's username and password can intercept the OTP sent by SMS, completing a full account takeover without any interaction from the victim. Nation-state intelligence services routinely exploit SS7 for surveillance, and criminal operations have rented SS7 access through underground markets.
The long-term mitigation is phasing out SS7 in favour of the newer Diameter and 5G core protocols, which have authentication built in. For consumers, the immediate protection is abandoning SMS-based two-factor authentication for high-value accounts in favour of authenticator apps or hardware keys, which are immune to SS7 interception.