Vulnerable: Closing SS7 network loopholes


By Ilia Abramov, product director, Xura

Back in April, US current affairs show 60 Minutes revealed how simple it was for Berlin-based white hat hackers to access US Congressman Ted Lieu’s mobile phone, listening to and recording his calls, tracking his movements and viewing his contacts.

While entirely consensual, the hack once again highlighted a concerning number of serious vulnerabilities in Signalling System No.7, or SS7, a global network that connects mobile phone operators and their customers.

Central nervous system

Widely used by mobile operators, SS7 is a protocol that provides operators with the ability to manage communications and bill subscribers for the service they provide. Containing mission-critical and real-time data, such as a subscriber’s identity, status and location, SS7 is the central nervous system of a mobile operator’s network.

Clearly, the information it holds could prove extremely valuable to anyone looking to use it for commercial or criminal ends, so it’s little surprise that operators are concerned about the security of the network, particularly when you consider that the SS7 network has more users than the internet.

SS7 was originally designed for use in network environments that were assumed to be trustworthy and, for many years, that assumption appeared to be correct. However, in 2008 vulnerabilities were exposed publicly and it transpired that the protocol was not as secure as originally thought.

Telecom engineers had highlighted potential risks, top government officials had raised concerns, and a German researcher was able to demonstrate how vulnerabilities in the protocol could be exploited to determine the location of a mobile phone. However, it was only when it was revealed in 2013 that an SS7 network had been exploited for the purpose of illicit information gathering that the issue finally gained the attention of the wider public.

New points of vulnerability

Since then, a series of incidents has revealed that it is not only possible to access the network, but that doing so is actually far simpler than was once believed.

The process of placing voice calls in modern mobile networks still relies on legacy SS7 technology. New signalling transport protocols, known as SIGTRAN, allow SS7 to run over IP. This provides operators with the advantages of greater bandwidth, redundancy, reliability, and access to IP-based functions and applications, but has also opened up new points of vulnerability.

Loopholes in the SS7 protocol can leave networks open to fraud and misuse. With the right technical skills and intent, it’s possible to exploit these loopholes to commit fraud, listen in on conversations, hijack OTT accounts, monitor messages, determine a subscriber’s location, manipulate network data and generally disrupt services.

Detection and prevention

Mobile communications are a prime target for those with criminal intent looking for ways to exploit personal information and penetrate business infrastructure, and SS7 vulnerabilities provide them with the way in they seek. While obviously of great concern, this also represents an opportunity for savvy operators to become a more trusted provider in a world where customer loyalty now counts for very little.

Work has begun across the mobile ecosystem on defining recommendations, and on building and implementing solutions that can be used to detect and prevent potential attacks on the network.

Such solutions must be comprehensive and easily deployed, ideally overlaying existing architecture to eliminate the need for costly redesigns. Not only should the solution be able to block malicious traffic, but it should also use global threat intelligence and advanced analytics as a means of securing the network against fraud and attacks on the privacy of an operator’s subscribers.

A growing number of sources, such as hackers and fraudsters, represent potential threats to the SS7 network, and are increasing the pressure on mobile operators to protect the privacy of their subscribers.

With SS7 vulnerabilities increasingly well-documented and widely publicised, time is of the essence. It’s more important than ever for the mobile ecosystem to work together to quickly find and implement protective measures before consumers, businesses, governments and operators suffer.

It is therefore fair to say that the mobile operator industry is taking these issues very seriously. Under the lead of the international association, the GSMA, a group of leading mobile operators and telecom vendors has united to develop preventive measures to ensure the security and consistency of signalling networks worldwide. In an approach designed to ensure the privacy of mobile communication, the majority of fraudulent scenarios have been researched and recommendations on increased network security have been issued.

Xura offers customers a pathway to next generation digital technology. Its thinking unlocks the possibilities of no boundaries communications.

