- Low impact on signaling traffic
The PT SS7 AD system is implemented at the border of the SS7 network avoiding a negative effect on signaling traffic. Only an IP connection is required. There is no need to assign special addresses to SS7 in the form of Signaling Point Codes (SPC) or Global Titles (GT). Quick attack identification and its thorough analysis enhances protection avoiding impact on the speed of the network and its services.
This is available in systems with load balancing over several Signal Transfer Points (STPs), ensuring the whole SS7 perimeter is covered and preventing false positives.
This approach rapidly determines which SS7 network activity is irregular by monitoring traffic changes and comparing its characteristics at different times.
User-friendly dashboards display information about all interactions with external SS7 networks; attacks and fraud attempts. These dashboards are configurable for ease of data analysis.
Uncover SS7/SIGTRAN Threats without Putting Services at Risk
It’s hard to overstate the importance of mobile networks in today’s world. Needed for more than just voice, data, and SMS communications between individuals, these same networks are also used to transmit data between machines such as ATMs, retail payment terminals, and smart energy meters in the Internet of Things (IoT).
As reliance on these networks grows, so does the need to secure them. But concern is mounting over a major threat to this security: the widely used but flawed SS7 signaling system. Research from Positive Technologies shows even low-skilled intruders with cheap equipment can exploit vulnerabilities in SS7/SIGTRAN networks to commit fraud, steal sensitive data, and interrupt services.
PT SS7 Attack Discovery (PT SS7 AD) offers carriers the ability to rapidly detect, identify, and analyze attacks on their SS7 networks. And, unlike existing SS7 firewalls, it has no negative impact on mobile services.
Low-Impact Detection for All Major SS7 Attack Types
PT SS7 AD is installed on the border of a carrier’s SS7 network, with only an IP connection required to begin detecting and investigating the most critical and common forms of malicious activity, including:
- Monitoring networks and harvesting subscriber data (IMSI, MSC/VLR, HLR)
- Tracking a subscriber’s location
- Redirection and wiretapping of voice calls and SMS communications
- Sending fake text messages and data (USSD) from a subscriber’s number
- Denial of service to a subscriber or a network segment
- Bypassing the carrier’s billing system to make free calls
- Editing subscriber profiles in VLR, for example, switching anonymous prepaid SIMs to function as post-pay and provide free calls
Dynamic analysis is used to rapidly identify irregular activity on the SS7 network and detect emerging attacks.
The PT SS7 AD knowledge base is regularly updated to reflect the latest research from the Positive Technologies Telecoms Research Lab.
Message correlation reduces false positives and ensures full perimeter coverage on systems that are load-balanced over several Signal Transfer Points (STPs).
Results are visualized in customizable, user-friendly dashboards to help carriers quickly and fully understand their risk levels.
Upgrade Your Network Awareness
PT SS7 AD creates a single SS7 stream database on the carrier’s network, enhancing the overall level of network awareness. Use in-depth analysis of signaling traffic and call flows to investigate fraud, gather evidence of malicious activity, detect equipment errors, and pinpoint bottlenecks in your infrastructure.