When you send a text or your phone latches onto a tower in a foreign country, two separate things happen. There's the voice and data path — the actual content moving across the network — and there's the signaling path, the out-of-band control messages that tell the network where you are, how to route a call to you, and which carrier should bill whom. That second path runs on a protocol family called Signaling System No. 7, or SS7.
SS7 was standardized in the mid-1970s and built out globally through the 1980s. Its security model was simple because the world it served was simple: a small number of state-owned or heavily regulated monopoly carriers, physically interconnected, who had every commercial and legal reason to behave. There was no authentication between network elements because there didn't need to be. If a message arrived on the SS7 network claiming to come from a legitimate carrier, it was treated as if it did.
The Trust Model That Quietly Collapsed
Deregulation changed the membership of the club without changing the locks. Over the following decades, the number of entities with some form of SS7 connectivity exploded — hundreds of mobile operators, virtual operators, SMS aggregators, roaming hubs, and interconnect resellers. Access to the network, once the exclusive privilege of national monopolies, became something you could effectively lease. Researchers have repeatedly demonstrated that obtaining a global title (an SS7 network address) and sending traffic is within reach of a determined, modestly funded attacker.
Once you can speak SS7 and the network trusts you by default, a handful of standard, legitimate messages become weapons. These aren't exploits of buggy code — they're the protocol working exactly as designed, asked the wrong question by the wrong party.
SS7 has no meaningful authentication of the messages flowing between carriers. The network answers a request based on what the request claims to be, not on any cryptographic proof of who actually sent it. Everything below follows from that single missing check.
What an Attacker Can Actually Do
The capabilities cluster into three families, all built from ordinary mobility-management messages:
Locating you
Mobility messages such as anyTimeInterrogation and provideSubscriberInfo exist so a network can answer "which switch is this subscriber currently attached to?" — a legitimate need for routing. Abused, they let an outsider query a subscriber's approximate location, sometimes down to the serving cell tower, with nothing more than the target's phone number. No malware on the device, no consent, no trace visible to the victim.
Intercepting SMS and calls
The more dangerous attack abuses UpdateLocation. By telling the home network that the target has "roamed" onto a mobile switching center the attacker controls, the attacker convinces the network to route the victim's incoming calls and texts to attacker-controlled infrastructure. The victim's phone keeps showing full bars. Their text messages — including bank confirmations and one-time login codes — can be silently diverted, read, and even forwarded on so nothing looks missing.
Denial and fraud
The same primitives support cutting a subscriber off the network entirely, or manipulating billing and roaming records. Disruption is often the crudest and least interesting use; interception is where the money and the espionage live.
This Is Not Theoretical
Two well-documented episodes anchor SS7 in reality rather than research labs. In 2016, security researcher Karsten Nohl demonstrated on the CBS program 60 Minutes that, given only the phone number of U.S. Representative Ted Lieu — who consented to the test — he could track the congressman's movements and record his calls from a base in Berlin, purely via SS7.
In 2017, German newspaper Süddeutsche Zeitung reported that criminals had exploited SS7 to intercept the SMS one-time codes banks send for transaction confirmation, draining money from victims' accounts after first stealing their online-banking passwords through conventional phishing. The phone network itself became the second half of a two-stage theft.
The uncomfortable lesson of SS7 is that a code texted to your phone is not delivered over a private channel. It is delivered over a global routing system that was never engineered to keep a determined third party from reading it.
Doesn't 4G and 5G Fix This?
Partly, and not as much as you'd hope. Modern LTE and 5G core networks replaced SS7 with a newer signaling protocol called Diameter, and 5G adds further service-based architecture on top. But Diameter inherited a similar interconnect-trust philosophy and has its own documented weaknesses, and — crucially — networks must remain backward compatible. Calls and texts still fall back to older technology for roaming and interworking, and a chain is only as strong as the legacy link an attacker can force you down to. SS7 will be reachable in the global network for years yet.
Carriers are not standing still. The GSMA publishes signaling-security guidance, and many operators now deploy SS7 and Diameter firewalls that screen incoming signaling for messages that have no business arriving from a given peer. These help. They are also unevenly deployed across hundreds of networks worldwide, and you, the subscriber, have no way to audit whether your carrier — or the foreign carrier you're roaming on — has done the work.
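The kind of screening such a firewall applies can be sketched for the three operations named earlier. This is an added example, not code from the article, a vendor, or a GSMA document; the numbering prefixes, the `screen` function, the one-hour travel floor and the sample messages are constructed assumptions, and the allow-list covers only those three operations.

```python
from typing import NamedTuple

# Constructed numbering for illustration; not any real carrier's values.
HOME_GT, HOME_IMSI = "99910", "00101"              # our GT prefix, our IMSI prefix
PARTNER_GT = {"00102": "99920", "00103": "99930"}  # partner IMSI prefix -> GT prefix
MIN_TRAVEL_S = 3600  # assumed minimum time between a home attach and roaming abroad

class MapMessage(NamedTuple):
    operation: str    # MAP operation name
    calling_gt: str   # global title the sender claims
    imsi: str         # subscriber the message concerns
    received_at: int  # arrival time in seconds

def screen(msg, last_home_attach):
    """Return (verdict, reason) for one message arriving on the interconnect."""
    op, ours = msg.operation.lower(), msg.imsi.startswith(HOME_IMSI)
    if msg.calling_gt.startswith(HOME_GT):
        return "block", "home global title arriving from outside the network"
    if op == "anytimeinterrogation":
        return "block", "intra-network query, never expected from a peer"
    if op == "providesubscriberinfo":
        if ours:
            return "block", "external peer asking about a home subscriber"
        expected = PARTNER_GT.get(msg.imsi[:5])
        if expected is None or not msg.calling_gt.startswith(expected):
            return "block", "sender is not the subscriber's home network"
        return "allow", "home network querying its own roamer"
    if op == "updatelocation":
        if not ours:
            return "block", "registration for a subscriber that is not ours"
        if not msg.calling_gt.startswith(tuple(PARTNER_GT.values())):
            return "block", "sender has no roaming agreement"
        seen = last_home_attach.get(msg.imsi)
        if seen is not None and msg.received_at - seen < MIN_TRAVEL_S:
            return "alert", "home attach too recent for this roaming claim"
        return "allow", "plausible roaming registration"
    return "block", "operation not on the interconnect allow-list"

SAMPLE = [  # constructed messages, not captured traffic
    MapMessage("anyTimeInterrogation", "9992000001", "001010000000001", 1000),
    MapMessage("provideSubscriberInfo", "9993000001", "001020000000007", 1000),
    MapMessage("UpdateLocation", "9992000002", "001010000000001", 1200),
    MapMessage("UpdateLocation", "9992000002", "001010000000002", 9000),
]
LAST_HOME_ATTACH = {"001010000000001": 900, "001010000000002": 1000}

def run_sample():
    return [screen(m, LAST_HOME_ATTACH)[0] for m in SAMPLE]
```

The third sample message is the case that matters most: the sender is a valid roaming partner and the operation is legitimate, so only the subscriber's recent home attach makes the registration implausible.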
What You Can Actually Control
You can't patch SS7. What you can do is stop relying on the phone number as a security boundary. The throughline of every serious SS7 attack is that something valuable was trusted to the telephone network.
| If you currently use… | Move toward… |
|---|---|
| SMS one-time codes for 2FA | App-based TOTP, or better, a hardware security key — neither touches the cellular network |
| Phone calls / SMS for sensitive talk | End-to-end encrypted messaging, where content is unreadable even if signaling is hijacked |
| Your phone number as account identity | Accounts and recovery paths that don't hinge on receiving a text |
SMS-based two-factor authentication is still meaningfully better than no second factor at all — it raises the bar against casual attackers. But against an adversary with SS7 access, it is close to no protection. If you're choosing a second factor, our comparison of two-factor authentication methods and our case for hardware keys over authenticator apps both come down to the same principle: keep the secret off the cellular network.
SS7 interception also has a close cousin in SIM swapping, where the attacker takes over your number at the carrier rather than rerouting it in the network — and in IMSI catchers, which attack you over the air rather than through the signaling core. Different mechanisms, same conclusion: a phone number is an address, not an identity, and certainly not a secret.
Where Haven Fits
Haven doesn't use your phone number as your identity, and it doesn't send security codes over SMS. Accounts are built on a passphrase-derived key that never leaves your device, and messages are end-to-end encrypted — so even if an adversary reroutes your texts through SS7, there is nothing of yours sitting in that stream to read.
No app can fix a 1970s signaling network. What an app can do is stop depending on it. If your threat model includes well-resourced adversaries, the move that matters most is structural: stop letting the telephone network sit on the critical path of your security.