What IsSS7?

It works at the network layer of the OSI (Open Systems Interchange) model. This allows for the setup, management, and teardown of phone calls. An SS7 system provides a framework for SMS as well as advanced calling features like call forwarding and call waiting.

Known as signaling points, SS7 nodes manage the network and signaling links that carry the signaling messages. 

How Does Signaling System 7 Work?

When someone places a call or sends a message, the SS7 network enables the signaling process to set up and manage the communication. The network consists of SSPs for handling calls, SCPs for database queries, and STPs for routing signaling messages. By connecting these points, signaling links allow for the exchange of information. 

Earlier versions like the SS5 used in-band signaling, where the voice channel also carried the signal tones for controlling calls. This led to many problems. For example, callers were sometimes able to hear the audible signals. The SS7 protocol solves these issues with out-of-band signaling, which uses a separate channel for the control signals. 

What Are SSPs, SCPs, and STPs?

Signaling System 7 contains three main forms of signaling nodes: SSPs, SCPs, and STPs.

As the initial point on the SS7 network, SSPs (Service Switching Points) are responsible for originating and terminating calls.

STPs (Service Transfer Points), which serve as interconnected switches, enable the routing of control signals.

As for SCPs (Service Control Points), they determine how to route calls or set up and manage certain features. STPs and SCPs often act as a collection of discrete nodes so that the service can keep going if one point fails.

Origins and Evolution of SS7

The SS7 system originated in the mid-1970s to address the rising complexity of controlling and managing telephone networks. In 1988, it became the international standard, and the latest revision came in 1993.

SS7 replaced the earlier in-band signaling methods by introducing out-of-band signaling. This allowed the communication between network elements to be more efficient, reliable, and secure. 

The protocols and architecture of SS7 were initially designed for circuit-switched networks. However, they evolved to accommodate modern digital networks and the wide range of services in today’s telecommunication landscape.

Signaling System 7 now supports automated voicemail, call forwarding, call waiting, conference calling, caller ID, mobile phone roaming, subscriber authentication, and Short Message Service (SMS), among other services. 

Global Variants of Signaling System 7

ITU-T Variant 

SS7’s ITU-T variant (International Telecommunication Union - Telecommunication Standardization Sector) is widely used on a global scale. Managed and standardized by the ITU, a UN agency, this variant follows ITU-T’s global standards for telecom networks. While it is an international version of Signaling System 7, each country maintains its own different version. 

ANSI Variant

The ANSI (American National Standards Institute) variant is North America’s version of SS7. It follows ANSI-defined signaling protocols and standards. Although it shares fundamental principles with the ITU-T variant, the ANSI variant has certain differences in features and protocol. 

ETSI Variant

The ETSI variant is the standard in Europe and adheres to the protocols of the European Telecommunications Standards Institute. It defines signaling protocols that meet the unique requirements and preferences of European telecommunications networks, reflecting the region’s commitment to standardized signaling. 

SS7 in Mobile Communication

Signaling System 7 plays a key role in mobile communication. In mobile messaging, it allows for the transmission of signaling messages for the setup, routing, and delivery of SMS and other messaging services. SS7 networks ensure secure and efficient message transfer between mobile users, leading to a seamless communication experience. 

The role of SS7 extends to prepaid billing as well, making real-time communication possible between prepaid service platforms and the Home Location Register (HLR). This facilitates quick updates on bank account balances, service authorizations, and other relevant information. As a result, mobile users benefit from timely and accurate prepaid billing services. 

International roaming is another area where SS7 is involved. When a user travels to a foreign network, the SS7 system controls the exchange of signaling information between the home network and the visited one. This includes updating the subscriber’s location, verifying their identity, and guaranteeing seamless call routing.

The HLR and the MSC (Mobile Switching Center) use SS7 protocols to exchange information. As a result, subscribers can make and receive calls, send messages, and access data services when abroad. 

SS7’s involvement in international roaming is essential for maintaining a cohesive global telecom infrastructure. It allows subscribers to stay connected across borders with consistent and reliable services.

SS7 Vulnerability

Signaling System 7 came into existence before digital encryption. This means that it’s relatively easy to listen in and forge SS7 communications. What makes the SS7 system secure is that it’s a closed network that only network operators can access.

Unfortunately, the information available in the SS7 network is fully accessible to telecom providers working as bad actors. Government agencies also have legal access to all confidential information. And while telecom operators can track the network for threats, they can’t prevent passive exploitation. 

Since SS7 has no solid security, bad actors can get unrestricted access to user data. This also allows governments to track the location of mobile users around the world even without using GPS. The best way to avoid these risks is to send voice and text messages using an encrypted IP service.