I wonder if we're forgetting to patch these old-school 'non-sexy' systems because so much focus is on more modern purely IP technology.
SS7 emerged in the 1970s and got standardised officially in 1980. It's very old-school in many ways and is designed for handling telephone calls and ISDN data on digital telephone exchange networks. It has umpteen different national versions and proprietary extensions for various purposes.
It underlies a big chunk of how GSM and UMTS work too. LTE (4G) is all-IP based, but your voice and text traffic is still falling back onto older SS7 based traditional telephony technologies in most cases as VoIP type systems for LTE haven't been widely rolled out.
It's easy to forget that a lot of voice calls and data still get processed by some rather dusty old digital technology that developed quite separately from the internet and IP.
Also, a lot of those systems were built with "legal interception" capabilities from day one too. So, I'm sure there are plenty of things that could be spoofed, intercepted, or otherwise hacked by someone who really knew their way around those old voice and data networks.
I just always get the impression that 'the industry' and the equipment vendors thought that all of these old networks would have been shut down and replaced by something more modern like SIP and VoIP for voice by now. However, there are still loads of old telephone switchs like Ericsson AXE, Alcatel-Lucent's 5ESS (Bell Labs), E10 (Alcatel) and S12 (ITT), Nokia/Siemens EWSD and DX200, Nortel/Genband DMS, Marconi System X (UK only) and so on all still chugging away providing ISDN and Dial tones all over the world, they've been adapted and tweaked to sit on more modern networks, but the old school stuff's often still there in the local exchange / central office along side cutting edge fibre to kerb and everything else.
These older systems and protocols are also firmly embedded in modern IP networks and SS7 is used for many call handling functions even in much later generation networks and you'll find telephone switching systems running on modern blade servers etc etc..
From what I can see, these systems will be with us for a lot longer than anticipated and we'd really want to ensure they're locked down against modern threats!
Biting the hand that feeds IT
