Exploiting SS7 to intercept text messages

When did you last use SMS for two-factor authentication (2FA)? Maybe you used it to log in to your email or social media accounts, or to access online banking? It’s become an accepted part of life in the digital age, and yet a number of recent high-impact breaches were down to attackers intercepting 2FA SMS…

When did you last use SMS for two-factor authentication (2FA)? Maybe you used it to log in to your email or social media accounts, or to access online banking? It's become an accepted part of life in the digital age, and yet a number of recent high-impact breaches were down to attackers intercepting 2FA SMS messages. By exploiting inherently insecure Signalling System No. 7 (SS7) networks, attackers can intercept and divert texts sent as 2FA. In some cases, these text messages contain codes used to authorise bank transfers, meaning interception could spell financial disaster for the victim.

Get hands on with the SS7 exploitation in our lab

Our expert content team have built a lab which takes you through a simulated SS7 network exploitation to intercept a 2FA SMS and transfer (imaginary!) funds to a bank account. Check out Matt Parven, our Principal Content Engineer, on why understanding -- and experiencing -- this exploitation is important for both red and blue teams.

We help businesses to increase and evidence human capability in every part of cybersecurity.

Legal