On call forwarding and SMS through SS7

2 minutes read

Call forwarding and SMS through SS7

CM is aware of the publications of The Washington Post on vulnerabilities in SS7. These are our finding on this topic.


  • The majority of the information in the Washington Post article has been known for years.
  • The newest development in the publications is on call forwarding and not on SMS
  • CM offers two solutions to cope with this issue: 1) direct operator connections. 2) end-two-end encryption for messaging on smartphones.


GSM is based on licenses. GSMA issues these licenses en their domestics. Operators used to trust each other. The growth in (virtual) operators worldwide decreased the mutual thrust. Precautions are taken to prevent misuse of networks. This has been going on for years. Next to numerous other companies, CM has been supporting and helping operators with this. From a technical point of view, the vulnerabilities can be compared to the vulnerabilities email and internet (DNS, BGP, MX) suffer from too. However, Within the telecom industry this is less common because the number of players is limited and well known.

Within GSM there are options built to listen into. This has been done regulatory and is used as well. Specialised organisations – like CM - do have options to retrieve location information on a country level. A more specific localisation is only accessible from within the telecom network.

Call forwarding

The mentioned call forwarding technology works only with voice calls, and not with SMS messages. People putting antennas near receiver to intercept and decrypt messages has been know a long time. This is a very labour-intensive and costly technique and not scalable. That’s why governments in case of serious terror threats only done that. There are minor risks for transaction authentication number (TAN), One Time Passwords (OTP) and two-factor authentication (2FA), because their validity is only short and decrypting takes longer.

Direct connections

CM offers some companies in some countries possibilities to send traffic over closed lines that don’t use SS7. The customers’ messages travel directly to CM (through VPN or private lines) and from CM to the designated operators (through VPN or private lines), which terminate them in their own network. This method costs half a cent more for more operators and can be realised with a click on a button for pre-existing customers. CM furthermore offers possibilities to add encryption through apps with SDK’s. This ensures more security but is only available to smartphone owners and takes some time to implement.


We put everything in effort to secure our transactions and take necessary precautions and inform our customers. The above is based upon our knowledge, experience and our opinion.


Enjoyed this article? Please share the news!


Continue reading

Next ‘Messaging is the new social media’
Previous The eight mobile messaging highlights of 2014
Back To news overview

Related articles

Zuckerberg: ‘New mobile data plans grow sms and voice usage’
8 ways SMS is making sense in businesses
How to reduce appointment no shows with SMS or Push reminders
SMS Pricing, everything you need to know!
Mvno Sewan connects to CM’s SMS Gateway for customer notifications

About the author

Charlotte van Raak is content marketer and makes sure our readers always have interesting blogs to read about how to engage with customers. During the day, she answers 1K questions in her role as communications advisor. At night she preferably sleeps.

Connect with Charlotte on