The networks Mobile devices are exposed; under attack, insecure, or even broken. We hear about it in the media, through industry reports and conferences. But really, how serious is it? Are network attacks an unstoppable epidemic, or something we can limit or even prevent? What is currently being done to address vulnerabilities, both individually and within the operator community; and is it enough?
The current situation
It's widely recognized that a number of vulnerabilities in signaling networks are being exploited on a global scale, attacking both operators and individual subscribers. The exposed weaknesses open the door to sophisticated fraud, hijacking of subscriber communications, and service disruption. Subscribers can be tracked and located down to the street level; calls and messages can be intercepted, profiles compromised to allow free services, and, in the worst-case scenario, services can be rendered completely unavailable through denial-of-service attacks. If networks are left without adequate protection, operators can compromise their reputation and the trust of their subscriber base and their business.
customers.
Historically, mobile network operators (MNOs) have been reluctant to report successful signaling-based attacks for a variety of reasons. However, the current trend is toward greater openness and information sharing among MNOs, with some reports even reaching the mainstream media. One such report came from O2 Germany in mid-2017, when it was confirmed that hackers had exploited weaknesses in SS7 signaling as one of the steps in defrauding German bank customers.
Given the growing number of reports of hackers influencing elections, plotting fraud, distributing malware, and coordinating IoT devices in massive DDoS attacks, security is becoming a top priority across all industries, sectors, and institutions.
Threats based on reporting
Over the past decade, numerous new potential risks and attacks on signaling links have been discovered and disclosed, most notably by P1 Security and Philippe Langlois. However, it wasn't until presentations by Karsten Nohl and Tobias Engels at the Chaos Communication Congress (CCC) in 2014 that the media began to pay attention to the issues, making them a hot topic for both MNOs and the industry as a whole.
Signaling networks were designed for a small group of large and often state-run telecom operators. They didn't have any of the standard security mechanisms we expect from modern networks. These days, however, we find that an increasing number of parties have access to the global signaling network. With the advent of MVNOs, specialized micro operators for A2P, IoT, M2M and other services, the number of potential access points for an attacker is increasing dramatically.
The mechanics of signaling protocols do not presently present a major obstacle to attacks. There is no encryption within the core network and no end-to-end authentication. Signaling-based attacks rely heavily on implicit trust built into the global signaling network and the fact that signaling traffic should never have been filtered. As a result, unauthorized nodes can often query any network, request subscriber information, and update subscriber profiles, even if the source node itself has no relationship to the target network.
So, who is affected by network threats and what are the consequences?
The subscriber
A smartphone user could be targeted in a variety of ways through the technologies offered by their device. As a target, the subscriber could be subjected to financial fraud, identity theft, their device could be incorporated into a botnet, or they could be remotely monitored and their private data continuously accessed.
get repaired.
The mobile network operator
The main consequence for MNOs is that subscribers, regulators, and security agencies will increase pressure on them to improve security and protect subscribers, as well as defend against attacks on larger critical infrastructure.
The natural reaction to non-business-oriented change is to delay it as long as possible to avoid additional costs. In the case of security, however, this can be a dangerous path. If MNOs don't take the issue seriously, we could begin to see subscribers migrate from less secure networks to those offering a higher level of protection.
The industry as a whole
Following the most recent reports and the rediscovery of vulnerability reports at CCC in 2014, the industry has become very active and has become more accountable for this issue. In response, many MNOs have initiated risk assessment programs and/or security audits of their networks.
The GSMA takes reporting threats very seriously and has mandated a dedicated sub-group to collect
Recommendations to address signaling threats. These recommendations have been compiled into a series of documents and provide methods for monitoring and filtering SS7 and Diameter signaling networks. Regulatory bodies in various geographic locations are developing recommendations in parallel with the industry. Leading information technology regions, including the Nordic countries and the FCC in the United States, have already developed recommendations, and other nations are likely to follow.
