An exposé by CBS has revealed the extent of SS7 vulnerabilities after a successful network-level hack conducted on a US congressman’s phone.

Tim Skinner

April 19, 2016

3 Min Read
SS7 security flaws uncovered by CBS exposé

An exposé by CBS has revealed the extent of SS7 vulnerabilities after a successful network-level hack conducted on a US congressman’s phone.

A team of researchers working with CBS were able to track the specific movements of US congressman Ted Lieu based purely on messages being received by the mobile network itself. Regardless of applications, mobile phone model, location-based services being active or inactive, or any other user-level decisions, the research team was able to take advantage of SS7 network frailties. Not only was the location of the phone able to be tracked, specific calls and messages can be intercepted and monitored too.

Mobile network security firm AdaptiveMobile shared its thoughts on the CBS report and SS7 frailties in general in a blog post. In the post, AdaptiveMobile’s head of threat intelligence Cathal McDaid explained how intelligence agencies around the world also have a record of exploiting the SS7 network, which operators use to organise communications and communicate with other operators over billing.

“We have seen ourselves in our work with mobile operators worldwide in building defences to secure their networks,” he said. “During the course of this, we uncovered several very sophisticated, global networks, engaged in the attempted tracking and interception of individuals in sensitive positions. As we have argued, the scale/sophistication and the objectives behind these lends themselves to believing that much of this is of an espionage/ spying function”

SS7 vulnerability presents an extensive threat to telecoms operators, according to AdaptiveMobile, after Norwegian operator Telenor had over a million of its mobile customers, representing nearly a third of its national user base, knocked off the network for nearly four hours following a vulnerability test conducted by a third party in Luxembourg earlier this year. Unidentified packets being sent over the SS7 network during the analysis caused the Home Location Register (HLR) to crash, thus knocking customers entirely off the network.

Public interest in SS7 frailty is growing on the back of reports such as CBS’s, and operators are likely to face increasing pressure to shore up their security practises, according to Mark Windle, Strategy and Marketing Director at signalling security specialist Xura.

“Threats to the SS7 security are everywhere; from hackers and fraudsters with criminal intent, to intelligence services operating beyond the boundaries of their remit,” he said. “Not only this, subscribers are now more aware of this imminent danger, and are therefore demanding greater levels of protection and security. Operators are under increasing pressure to act before high-profile individual or enterprise customers suffer a security breach and hold the operator accountable, and further pressure can be expected from regulators seeking to defend the privacy of all consumers.

The Telecoms.com Intelligence Annual Industry Survey 2016 conducted research into operator attitudes towards spam and fraudulent activity on the SS7 network. Nearly 70% of respondents, of which there were more than 1,500, were acutely aware of the clear and present danger of SS7 vulnerabilities, and 84% said they see SS7 security as important or critically important to their business. The biggest threat to operator business from an SS7 attack, as identified by the audience, was the risk of exposure to further network insecurities – according to 29% of respondents.

Operators, therefore, appear acutely aware of the need to further protect their signalling networks, and are being forced in to more defensive reinforcement as its frailties become increasingly propelled into the public eye.

 

About the Author(s)

Tim Skinner

Tim is the features editor at Telecoms.com, focusing on the latest activity within the telecoms and technology industries – delivering dry and irreverent yet informative news and analysis features.

Tim is also host of weekly podcast A Week In Wireless, where the editorial team from Telecoms.com and their industry mates get together every now and then and have a giggle about what’s going on in the industry.

You May Also Like