The Signaling Security Problem

By: Ilia Abramov

Mobile World Congress 2015 was a record-breaking event, with more than 94,000 attendees and 2,100 exhibitors convening in Barcelona for the tenth year in a row. As we head into this year’s conference, a number of sessions and discussions around emerging mobile trends will all echo a resounding sentiment that reflects the conference’s theme: “Mobile is everything.” After all, mobile technology continues to enter, dominate, underpin, partner with other industries and enterprises at an unstoppable speed. 

So it’s no surprise that 2016 will also be a transformative year for more connected opportunities. With this evolution towards the “connected everything” world, comes more sophisticated hackers and fraudsters, which demonstrates vulnerabilities and weaknesses in once secure networks. In addition, innovation brings about a focus on data privacy, which has – and will continue to be – a major topic as we head into this year’s MWC show (and beyond).

One security hot topic which received widespread publicity in 2015 is the vulnerabilities associated with SS7 Signaling, as well as other signaling protocols such as SIP and Diameter.  Although designed as ‘trusted,’ the network is not always as secure as was earlier believed. Potential threats to signaling systems, like SS7, are increasing across many sources, and continue to be exploited by fraudsters and hackers with ill intent. Recent news articles have revealed that unauthorized access to the network is not only possible, but easier than ever before.

This unauthorized access leaves mobile networks vulnerable to fraud and misuse, shaking consumer trust in the operator’s ability to provide privacy and prevent fraud. To date, loopholes in the SS7 protocol have been exploited to steal money, listen in on conversations, monitor messages, track a subscriber’s location, manipulate network and subscriber data, and generally disrupt services.

Given that there are more users of the SS7 network worldwide than there are of the Internet, concerns about SS7 security by operators and subscribers alike is widespread, serious and should be treated with utmost importance.

As you catch up with fellow MWC attendees and listen in on different sessions at this year’s conference, here is a brief history of mobile security, SS7 vulnerabilities and how you, the mobile industry’s most influential leaders, can help solve this emerging problem.

A Vulnerable History

Signaling networks have gone through multiple stages of evolution. Originally, SS7 networks were specific to mobile operators and required specialized equipment to arrange for simple connectivity on a physical layer. This closed circle of users combined with overall complexity of protocols ensured very controlled access to signaling networks, making it nearly impossible to obtain access to a SS7 network through a remote, unauthorized host.

However, as early as 2008, SS7 vulnerabilities were openly discussed at the Chaos Computer Club Conference in Germany. A German researcher demonstrated how the location of a mobile phone could be determined. We now know, prior to that, telecom engineers warned of possible risks; even high-level government officials were aware of the threat and voiced concern. Again, in 2013, these issues came to light when it became known that a network had been exploited for surveillance purposes and exposed SS7 vulnerabilities. 

While the technology dates back to the 1970s, the process of placing voice calls on modern mobile networks is still based on the same SS7 technology. New signaling transport protocols known as SIGTRAN are deployed, which allows SS7 to run over IP. The ultimate goal of SIGTRAN was to move from converged TDM/IP network to an all IP network, taking advantage of bandwidth, redundancy, reliability and access to IP-based functions and applications.


Latest Updates

Subscribe to our YouTube Channel