Operators will lose millions through SS7 protocol weakness – report

Mobile operators and their will lose millions of dollars to fraudsters as rogue surveillance companies, confidence tricksters and identity thieves increasingly exploit the weaknesses of a decades old telecoms protocol, its claimed.

The claim is made by mobile network security vendor AdaptiveMobile, after a study of 75 mobile operators around the globe. The AdaptiveMobile Threat Intelligence report claims that SS7, a PSTN comms protocol dating from the 70s which was adapted for mobile networks in the 1990s by 800 mobile operators, is increasingly being exploited by fraudsters. The creators of the protocol, originally created for a smaller scale closed network of trusted peers, have unwittingly given criminals access to a global network of mobile operators, it claims.

The losses to telcos will come through lost revenue, defections by subscribers and theft from the mobile operator itself, according to AdaptiveMobile. Fraudulent methods employed include tracking of individual subscribers’ location in preparation for crime, interception of calls and texts messages and bogus roaming configurations.

In one exercise involving a mobile operator in Asia there were 1140 separate attempts to track 23 unique subscribers in two days. Criminals targeted some individuals for hundreds of tracking manoeuvres.

“Surveillance companies, security agencies and bad actors have realised that the legitimate features of the SS7 protocol could be re-purposed to track phones, intercept calls and texts and commit fraud, and are actively doing so,” said Ciaran Bradley, Chief Product Officer at AdaptiveMobile.

AdaptiveMobile is working directly with carrier partners and within the GSM Association to prepare for the upcoming threats.

“We knew these vulnerabilities were possible and we now have proof of exploitations happening all over the world,” said AdaptiveMobile CEO Brian Collins, “Operator networks need to understand the level of threat they are facing so they can remain the trusted provider to their customers.”

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.