The networks furniture is exhibited; under attack, insecure or even broken. We hear it in the media, through industry reports and conferences. But really, how bad is it? Are network attacks an unstoppable epidemic or something we can limit or even prevent? What is currently being done to remove vulnerabilities individually and within the community of practitioners; and is that enough?
The current situation
It is widely recognized that a number of vulnerabilities in signaling networks are exploited on a global scale; which attack both operators and individual subscribers. The exposed weaknesses open the door to sophisticated fraud, the hijacking of subscriber communications and the disruption of service. Subscribers can be tracked and located down to street level; intercepted calls and messages, profiles tampered with to allow free services and; at worst, services made completely unavailable through denial of service attacks. If networks are left without adequate protection, operators can undermine their reputation and trust from the subscriber base and their business.
customers.
Historically, mobile network operators (MNOs) have been reluctant to report on successful reporting attacks for a variety of reasons. The current trend however is towards greater openness and information sharing among mobile network operators, with some reports even reaching the mainstream media. One such report came from O2 Germany in mid-2017, when it was confirmed that hackers had used weaknesses in SS7 reporting as one of the steps in German bank customer fraud.
In light of the growing number of reports of hacker influence on elections, fraud processing, malware distribution, and coordinated IoT devices in massive DDoS attacks; security is becoming a top priority in all sectors, sectors and institutions.
Threats based on reporting
Over the past decade, a number of new potential risks and attacks on signaling links have been discovered and revealed, most notably by P1 Security and Philippe Langlois. But it wasn't until Karsten Nohl and Tobias Engels' presentations at the Chaos Communication Congress (CCC) in 2014 that the media started paying attention to issues, making it a hot topic for both MNOs and the industry as a whole. .
Signaling networks were designed for a small group of large and often state-run telecom operators. They didn't have any of the standard security mechanisms we expect from modern networks. These days, however, we find that an increasing number of parties have access to the global signaling network. With the advent of MVNOs, specialized micro operators for A2P, IoT, M2M and other services, the number of potential access points for an attacker is increasing dramatically.
The mechanics of signaling protocols do not presently present a major obstacle to attacks. There is no encryption within the core network and no end-to-end authentication. Signaling-based attacks rely heavily on implicit trust built into the global signaling network and the fact that signaling traffic should never have been filtered. As a result, unauthorized nodes can often query any network, request subscriber information, and update subscriber profiles, even if the source node itself has no relationship to the target network.
So who is affected by network threats and what are the consequences?
The subscriber
A smartphone user could be targeted in various ways through the technologies offered by their device. As a goal, the subscriber could be subject to financial fraud, identity theft, their device could be embedded in a botnet, or they could be monitored remotely and their private data continuously.
get repaired.
The mobile network operator
The main consequence for MNOs is that subscribers, regulators and security agencies will increase the pressure on them to improve security and protect subscribers, as well as defend against larger critical infrastructure attacks.
The natural reaction to non-business-oriented change is to delay as much as possible to avoid additional costs. In the case of security, however, this can be a dangerous path. If MNOs don't take the issue seriously, we may begin to see subscribers migrate from less secure networks to those that offer a higher level of protection.
The industry as a whole
After the most recent reports and the rediscovery of vulnerability reports at CCC in 2014, the industry has been very active and made more responsible for this problem. Many MNOs have initiated risk assessment programs and / or security audits of their networks in response.
The GSMA takes reporting threats very seriously and has mandated a dedicated sub-group to collect
recommendations for addressing reporting threats. These recommendations have been collected in a series of documents and provide methods for monitoring and filtering SS7 and Diameter signaling networks. Regulatory bodies in various geographic locations are making recommendations in parallel with the industry. Leading information technology regions, including the Nordic countries and the FCC in the United States, have already drafted recommendations and other nations are likely to follow.
