New technologies are constantly appearing in our lives. Nowadays the mobile world is moving to 5G. However, billions of subscribers still use GSM and UMTS networks, which rely on the SS7 (Signaling System #7) protocol stack. When the SS7 stack was developed, it was meant to be used as an isolated network within a small club of big telephone operators with a high level of trust. Developments in telecommunications changed that. First, the number of operators has been growing rapidly. Second, in the early 2000s, SS7 gained the ability to send signaling traffic over IP networks with a new specification called SIGTRAN. The SS7 network stopped being isolated and the small club stopped being small. Now an intruder can easily connect to an SS7 network and perform attacks specific to mobile operators, such as location tracking, service disruption, fraudulent activity, and SMS and voice call interception.

Mobile operators, equipment vendors, and non-commercial organizations (such as the GSMA, the association of mobile operators) are aware of the problem. They develop and implement security solutions that mitigate threats from SS7 networks. Our recent research shows that SS7 has vulnerabilities that allow bypassing any protection tools. Manipulating parameters on different layers of an SS7 message may help an intruder deceive a security tool and achieve the goal even against subscribers served by a well-protected network. The research findings were reported to the GSMA Coordinated Vulnerability Disclosure Programme and FASG (Fraud and Security Group). The report was used for a security recommendations update.

I will demonstrate how an intruder can perform the above-mentioned attacks against subscribers in mobile networks protected by mature security tools. I will explain why it is possible and how networks and security equipment react to malicious traffic. In addition, I will give recommendations to mobile operators on how to improve security on their networks.
About Sergey Puzankov @xigins
Sergey Puzankov is a Telecom Security Expert at Positive Technologies. Sergey graduated from Penza State University with a degree in automated data processing and management systems in 1998. Before joining Positive Technologies in 2012, he worked as a quality engineer at VimpelCom. As a security expert in telecommunication systems at Positive Technologies, he researches signaling network security and takes part in audits for international mobile operators. He is part of the team that revealed vulnerable points in popular two-factor authentication schemes using texts and demonstrated how easy it is to compromise Facebook, WhatsApp, and Telegram accounts. Sergey is also the general developer of the Telecom Vulnerability Scanner tool, a member of the Telecom Attack Discovery development team, and a co-author of Positive Technologies annual reports on telecom security.