Additionally, newly-deployed 4G networks use the same concept of an all-IP network and have adopted Diameter as the signaling protocol that runs over IP. The technological concept for providing end-user services within the Evolved Packet Cores (EPCs) enables similar procedures as SS7-based networks. 

Yet, moving onto IP has not resolved the issues; it has, in fact, unfortunately provided new points of vulnerability. Important information has become exposable beyond the circle of trust within mobile operators, and the risk of privacy intrusions can quantify in the millions, depending on the case. This can lead to huge damages not only to the operator, but also affect direct revenue due to the loss of VIP customers, enterprise customers and legal exposures.

The Central Nervous System
of the SS7 Network

Think of the mobile network as the human anatomy. Signaling is the central nervous system of the mobile operator’s network, with mission-critical real-time data on subscriber identity, status and location traversing the network. This data enables the authentication of subscribers and their devices, performs call setups, authorizes charging, enforces data policies, manages quality of service and enacts roaming or interconnection agreements. Gaining access to such pertinent information can be extremely beneficial for commercial purposes, but it can also be very risky if used by the wrong people.   

Hackers with a moderate level of technical skill and malicious intent can easily exploit the mobile network and its subscribers. Hacking into networks is not as nearly as difficult as we had previously thought, proving in today’s world that keeping the mobile network secure is pertinent for both public safety and privacy.   

How it Happens

Attackers with the right expertise build nodes to emulate network elements while acting within a mobile network or on behalf of the network. Simulated elements range from Base Transceiver Stations (BTSs) to Mobile Switching Centers (MSCs), Gateway GPRS Support Nodes (GGSNs) to Short Messaging Service Centers (SMSCs). While location data is used by the operator to perform certain legitimate and acceptable functions (think of mobile banking services), the IP as transport layer was not designed to detect acceptable versus unacceptable traffic. There are a number of entry points in a Signaling network which can be exposed at various levels.

With each exploitation, hackers have specific goals for targeting subscribers. For operators, it is important to recognize these threats before they become full blown attacks and result in business revenue loss, customer dissatisfaction and fraud.

Solving the Signaling Security Problem

The mobile ecosystem has begun to define recommendations, building and implementing solutions to detect and prevent potential attacks. Operators need a solution that is easy to deploy yet comprehensive, and ideally one that overlays the existing architecture. That means integration should be flexible and eliminate the need (and expense) of redesigning the underlying signaling network architecture. The objective is not to merely block suspicious traffic but to use global threat intelligence and advanced analytics to secure the network against privacy and fraud attacks.

Simplistic IP firewall protection methods are not sufficient to detect and resolve the large majority of these vulnerabilities.  Instead, a comprehensive layer-distributed solution in the form of a signalling firewall is required.  The firewall should contain a powerful rules engine that enables screening of traffic by exposing parameters from all relevant SS7 stack layers for comparison and validation between each other and preconfigured parameters combined with the techniques mentioned above.  It must also address not only today’s threats but be sufficiently flexible and dynamic to be capable of addressing those that are yet to come.  Ideally, the solution would provide an easy to use interface, real-time access to information, predefined and just-in-time filters and underlying support from a world-class data engine. 

Given that mobile communications is a prime target for hackers who desire to penetrate critical infrastructures and businesses, operators need to be aware of the types of attacks and tools that are used by spammers, scammers and fraudsters, but also show how a network can be audited and protective measures put in place quickly before subscribers, organizations, and even governments fall prey to misuse and are severely impacted.

As a community convening on this year’s Mobile World Congress, it is imperative that we continue to build out our mobile ecosystem, working together to build critically needed solutions and put protection in place.