Congressman Ted Lieu calls for patching the SS7 vulnerability

The only way to protect against this vulnerability is to use apps which use end-to-end encryption such as Signal and WhatsApp.

It has been known for the last two years that Signaling System 7 (SS7), the crucial set of protocols that governs how phones make and receive calls, send and receive messages, and send and receive data, is flawed and vulnerable to attack.

Recently the issue was highlighted again on 60 Minutes, and thankfully it caught the attention of a Congressman who decided to do something about it.

According to The Daily Dot, Rep. Ted Lieu (D-CA) has called for a full investigation into an incident that clearly spooked him, in which a security researcher tracked his movements through LA and recorded his phone calls without his even being aware of it.

The following is what took place. Lieu was given a regular off-the-shelf iPhone by the 60 Minutes crew with the express understanding that the phone might be rigged/hacked. Lieu proceeded to use it for his work calls.

Karsten Nohl, from Security Research Labs, who discovered the SS7 vulnerability two years ago, was able to gain access to privileged information about the congressman by exploiting the SS7 vulnerability.

“The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring US government officials,” wrote Lieu in a letter to a ranking member of the House Committee on Oversight and Government Reform who also happens to be its chairman.

What is interesting is that, in the several examples he provided, not once did he mention that this vulnerability can be exploited by the government to quietly eavesdrop on its own citizens.

If Lieu is spooked by the consequences and potency of this exploit, he is certainly right to be, since the SS7 protocols essentially dictate how phone calls, messages and phone data traffic are routed, regardless of what operating system the phone runs.

Currently, the only way to protect yourself against such a vulnerability is to use apps that encrypt the traffic from one end to the other, such as WhatsApp and Signal.

 
