SS7 Vulnerabilties Enable Hackers To Exploit Mobile Communication Networks

While the Internet has enabled important advances in mobile communication, it also has become a tool for penetration into critical infrastructures, including enterprise control systems. Stealing money, determining subscriber location, tapping messages and calls — all of these are obvious possibilities that intruders can achieve by performing attacks that exploit SS7 vulnerabilities.

While a mobile communication network typically involves the use of advanced technologies, in reality it is a complex system built on subsystems of different technological levels, with the security of the whole network usually defined by the security level of the weakest link. SS7 technology, which traces back to the 1970s, can be a particularly weak link. Even today, the process of placing voice calls in modern mobile networks is still based on technology from an era when safety protocols involved physical security of hosts and communication channels.

While it was once impossible to obtain access to an SS7 network through a separate unauthorized host that is no longer the case. Today, SIGTRAN allows the transfer of SS7 messages over IP networks. With security vulnerabilities still present in upper levels of SS7 protocols, an intruder with basic skills can perform dangerous attacks that may lead to direct subscriber financial loss, confidential data leakage or disruption of communication services.

Research Findings

During network security testing, the experts at Positive Technologies managed to perform SS7 attacks such as discovering a subscriber's location, disrupting a subscriber's service, SMS interception, USSD request forgery (and transfer of funds as a result of this attack), voice call redirection, conversation tapping and disrupting the availability of a mobile switch. Even the world’s top 10 telecom companies were vulnerable to these attacks.

Intruders do not need sophisticated equipment, and a single attack using SS7 commands enables an intruder to perform further attacks using the same method. Attacks are based on legitimate SS7 messages so simply filtering messages will have a negative impact on the overall quality of service.

Key Recommendations

The experts at Positive Technologies offer the following recommendations for protecting SS7 networks:

  • Analyze provider hosts in the SS7 network
  • Control message filtering
  • Monitor SS7 traffic
  • Examine the potential for attacks and fraud
  • Find equipment configuration errors and vulnerabilities in protocols

The convergence of core communications systems and IT technologies opens up mobile operators to deliberate and malicious disruptions from cyber-attack. The risks are high, so you need an info security partner who can perform an in-depth security assessment across all of your core network layers to identify every crack that a hacker could crawl through. Let us help you today.