Network Security: The Problem with Ignoring Mobile Signaling Threats


Within telecom industry security circles, SS7 mobile data network and Diameter threats have been a long-standing issue. It’s a problem hiding in plain sight, but it can no longer be ignored by operators.

It’s not a matter of if, but when the next major attack happens, and when it does, it will cause permanent damage to reputations, as well as hurt unsuspecting customers.

Researchers first brought the problem to light in 2014, showing how SS7 vulnerabilities could be exploited to track people and intercept their communications. Unfortunately, the situation hasn’t improved much since then.

Look no further than just last year, when the bank accounts of unsuspecting O2-Telefonica customers in Germany were drained of more than $200,000. Operating faster and smarter than anyone had anticipated, these highly sophisticated hackers understood that by simply targeting users on one network, they would lower their risk of being detected.

The O2-Telefonica hack should have been a wake-up call for the entire industry, a clear message that things needed to change. But now going on one year since the attack, it’s surprising just how vulnerable many operators still are. The reality is that mobile signaling security standards are a long way from where they need to be – where customers can feel, and be, protected.

Network security has turned into what could be described as an unfair foot race, in which the race has already started but operators are still putting their shoes on. The next generation of hackers has a huge lead in its efforts to expose network flaws.

And those flaws aren’t just limited to SS7, as Diameter is now an attractive attack vector, and data-centric attacks utilizing the GTP protocol are also increasing. If operators don’t catch up – and quickly – a $200,000 fraud will seem like pennies on the dollar compared to future attacks.

The issue is also raising alarms among government officials. Senator Ron Wyden of Oregon issued formal letters to the NSA and to US mobile operators regarding the US Department of Homeland Security 2017 report on cybersecurity threats related to mobile phones and cellular networks.

Also, California Congressman Ted Lieu has called for carriers to address the problem, and was even hacked (with his consent) as part of a demonstration of SS7’s many flaws for a CBS News feature. In the UK, the National Cyber Security Centre (NCSC) has issued calls for increased protection of UK mobile operator networks. It’s public efforts like these and others that are shining a light on the fact that mobile signaling threats can affect us all. It’s no longer just an operator problem.

Naturally, these issues need attention, but they also raise important questions: with whom does the blame and responsibility lie when a hack occurs? It’s logical to place blame with the hacker(s), but scratch the surface and critical questions are laid bare: how and why were they able to get access in the first place? Was there no protection? To what extent should operators be held accountable for preventing attacks? Difficult questions like these will only become louder if core security issues remain unresolved. Ultimately, the entire industry could be put under the microscope.

So how can operators address the root causes of security vulnerabilities, and start addressing the tough questions? A proactive, rather than reactive, stance is a great first step in dealing with threats within their networks. But admittedly that’s a lot harder than it sounds given the massive amounts of data operators deal with each day.

Between streaming video services, the rise of IoT, and the steady increase in smartphone data usage, networks are starting to show signs of wear and tear. Nowhere is this more obvious than with security monitoring and management, where traditional security processes are struggling to scale.

Reflecting on the O2-Telefonica hack, an SS7 firewall would have provided an added layer of security. However, protection is only as good as the threats you can detect. Looking forward, operators will need to rely heavily on advances in analytics and AI to uncover emerging trends and identify advanced threats proactively.

Deep learning algorithms, visibility and monitoring, and threat intelligence feeds will all play critical roles in sniffing out threats before they can come to fruition. Machine-learning-based analytics platforms provide real-time analysis of the massive amounts of data for which operators are responsible. This will ensure the ability to view threats beyond one’s own network, and provide the forensic tools to help them make sense of it all.

All of this offers operators peace of mind that SS7, Diameter, GTP and other threats are being monitored for and protected against in real time. But in the race to respond to the threats of the future, it’s even more important that operators feel empowered to take on the challenge, armed with a system in place that fosters proactivity through the most advanced threat prevention technologies available. It’s a race that can be won, if operators are equipped and ready to win it.