Guest post written by Ilia Abramov, Product Director @ Xura
Signaling networks, enabling the exchange of information that sets up, controls and terminates calls, have been through multiple stages of evolution since the early days of telephony.
Signaling System No. 7, or SS7, was developed to exchange information over digital signaling networks specific to mobile operators, and requires specialised equipment to fulfil even simple connectivity.
The complexity of its protocols, and the fact that it is used only by a closed circle of mobile operators, means that SS7 offers very controlled access to the networks themselves. That said, it’s worth bearing in mind that an SS7 network contains crucial information regarding a mobile network such as subscriber data, and mobility and authorisation information.
SS7 networks have since evolved to become IP-based, making them more accessible to a wider community outside of traditional mobile operators. But, with the emergence of cheaper, and better performing IP solutions, the level of trust has dropped significantly.
Open to a new level of exposure
The amount of important information held by the networks is now open to a level of exposure far beyond the previously limited circle of mobile operators. A breach of privacy could lead to the possibility of legal damages and the loss of customers, resulting in damage to both an operator’s brand and its bottom line.
However, as technology evolves, so should a company’s processes.
On the whole, the majority of SS7 equipment is tested for failover and reliability issues with little attention being given to data integrity and overall security.
Now though, with the introduction of IP-based solutions, a user’s identity or location information is at risk of exposure; phone calls, data and SMS can be intercepted, leading to the compromise of subscriber privacy. Going beyond this, incidents such as a denial of service (DoS) can take whole areas out of service and, once they reach a certain frequency and level of severity, can border on terrorist attacks.
Furthermore, signaling for next-generation networks (3G, 4G, 5G, and beyond) in the evolved packet core (EPC) network is based on Diameter, with flexible protocols far removed from those used in SS7.
More accessible to the internet community than its predecessor, and with a greater number of parameters, Diameter offers new opportunities for attackers to access sensitive network information.
Be aware of the risks
Mobile operators need to be more aware of these new and greater risks to their networks, and introduce a number of new disciplines.
First, they should ensure they have IP security in place for secure connectivity to adjacent intercarrier nodes or roaming partners.
On top of this, simple access control lists should be defined which, whilst they won’t protect operators from attack, will serve as a minimal measure for ensuring direct connectivity.
Additional measures should include Diameter dictionary control to prevent misuse of optional average voice packet (AVP) parameters, throttling, DoS protection, close monitoring of interconnects, and the identification of any irregularities and anomalies.
New protocols offer significant opportunities in terms of performance, cost and efficiency, but they also bring with them an increased number of risks to a network’s security and privacy.
We strongly advise therefore that, when planning network expansion, operators go another level and consider signaling security. A prudent investment at this stage could have long term revenue benefits as well as ensuring that the faith and confidence subscribers have in the network’s security is not destroyed further down the line. What operators need is a Signaling Fraud Management System, which is able to dynamically detect and address signaling fraud attacks!