By Ciaran Bradley, chief technology officer at AdaptiveMobile
Over the course of the last year the telecommunications industry has seen the emergence of multiple threat vectors affecting mobile subscribers across the globe. Whilst some have been the result of efforts to directly access user devices and acquire personal data for the purposes of fraud, others have been more subtle, involving illegal surveillance and call tapping to locate political targets and access corporate and confidential state information.
As our recent research demonstrates, vulnerabilities on the SS7 network – the backbone of telecommunications networks around the world – are affecting subscribers in every region of the globe and, with the dawn of the Internet of Things (IoT) and connected devices, users will only become more vulnerable as advanced technology opens up new opportunities for attacks in the coming year.
Carriers are also at risk from the actions of criminal groups attempting to exploit the global SS7 network and through abuse of A2P messaging routes. AdaptiveMobile revealed in its 2015 analysis on A2P Bypass Fraud that network operators around the globe are suffering from losses of tens of millions in uncaptured revenues.
With these developments in mind, AdaptiveMobile looks to the year ahead, providing keen insights into the most significant threats to the telecoms sector in 2016.
The global SS7 network
The global mobile operator community will implement greater network protection controls to eliminate malicious transmissions emerging across an increasingly complex geo-political landscape.
While our research has detected suspicious activity in every region around the globe, intrinsic defence and security measures of the SS7 network have been overcome and operators are moving to prevent unauthorised actors with access from sending potentially malicious packets. Protection platforms provide the ability to monitor traffic and detect threats remotely, allowing operators to block suspicious transmissions before they reach the subscriber.
Meanwhile, state-sponsored activities prevent concrete determination of the origins of attacks and the subsequent cessation of activity and prosecution, making impartial global monitoring with active-transmission blocking the most promising method of protecting subscribers from illegal surveillance operations.
In the last few years, people have begun to value their privacy more and more, and companies operating in the mobile area have responded to this. Witness the moves to encrypt storage of personal information on mobile operating systems, new mobile devices that offer a more secure experience, and existing messaging apps that have moved to offer additional security like end to end encryption.
As mobile technology approaches the fifth generation and 2G communications infrastructure is replaced, direct threats to the subscriber from rogue nodes and signalling towers will decrease, but new vulnerabilities through Diameter will emerge, eliciting an industry shift to implement network protection.
Grey routes transmissions
Mobile operators will take action to reclaim more uncaptured revenue from grey route messaging traffic than ever before this year, totalling over $4 billion per year. According to Transparency Market Research, the A2P SMS market will be worth $70.32 billion by 2020. We also predict financial growth in this market, which will act as a call to action to operators to deploy comprehensive revenue assurance technologies such as grey route protection in order to neutralise this financial drain
The adoption of grey route protection solutions will increase, in parallel with an increase in reclaimed revenue streams. Organisations making use of unauthorised messaging routes will realise the risks in doing so, such as the fact that they not know what route messages with sensitive data – like banking information and medical appoints – are taking. In some cases being sent halfway around the world and back, making them vulnerable to potential breaches of privacy and data protection laws
Companies will invest heavily in mobile security in order to protect their brand image, reassuring subscribers regarding security around personal data and providing a streamlined customer experience free from spam and junk communications. Security threats outside of devices are just as capable at damaging brand perception as customers demand greater protective measures.
2015 has seen more vulnerabilities for Apple than ever before, particularly regarding the iOS mobile platform, considerably reducing trust in Apple’s ability to prevent attacks.
Meanwhile, OTT messaging services have experienced customer frustration at the hands of excessive spamming from external parties.
As user experience becomes the number one attribute in successful consumer products and services, retailers and providers will see investments in effective security protocols make significant return on investment in both the long and short term.
Internet of Things
Privacy concerns will become of top importance as competing ideologies bring discussions to a head. Given the emerging differences in approaching privacy regulations between the US and the European Union, it is evident that this will bring privacy to the forefront of discussions.
The IoT is perhaps the most talked about term in the mobile industry today, as the possibilities are hugely exciting for all of us, and the opportunities for industry and economy seemingly limitless.
Gartner reports that by 2020, the IoT will involve more than 30 billion connected devices with an economic value add of $1.9 trillion. However, this growth is coming with inconsistent and, in some cases, lax security standards. Security is widely recognised as a significant concern and challenge, from privacy issues to hacked Jeeps and rogue refrigerators.
In such a complex ecosystem the industry will begin to push for standard security protocols, as well as defined owners of security updates.
Endpoint devices, which are often left unsecured and which typically store valuable data. There are examples of breaches, including web cameras and home routers being accessed by hackers for fun or profit, with the hackers easily bypassing the device security. With this in mind, endpoint devices will become more and more security centric with hardware encryption becoming a common feature.
Looking deeper into 2016, telecoms providers and device manufacturers will have no choice but to demonstrate greater awareness of the growing mobile threat landscape, as consumers become even more vulnerable to attack and operators continue to lose out on massive profits due to messages travelling through unauthorised routes.
One thing is for certain; as technology evolves, so too does the threat from cyber-attacks. Consumers, businesses and governments around the world will require advanced monitoring platforms to prevent attackers from taking advantage of emerging device vulnerabilities and network loopholes.
Adaptive Mobile provide sophisticated network protection and enterprise protection ensuring complete mobile security for users and corporations.