Cyber Sécurité Technique

Brief Introduction to SS7 and its Flaws

Dans le cadre d’une plateforme d’échange, j’ai publié un article très simple d’introduction des vulnérabilités SS7 des réseaux d’interconnections mobiles. Voici l’article et le lien vers l’échange complet.

SS7 or Signaling System No. 7 is a networking/interconnect set of protocols and interconnection definitions developed in the 1970s, which is still widely used to set up and connect most of Telephone Networks.

It was supposed to be used internally, in a form of “walled garden” network. and that was sufficient at the time to consider it as “secure” among telco players.

At design, the high cost of SS7 hardware (and software), was the only barrier preventing third parties from penetrating such networks and using it in a malicious and harmful way.

During the past decades, the telco landscape changed drastically, mainly driven by: The All-IP transition, the evolution of data and the very, very, very competitive market of telecom suppliers.

The hardware barrier was removed thanks to the wide adoption of SIGTRAN (SS7 over IP) in order to interconnect networks over IP. Then documentation, and the work of many security researcher lead to the exposition of the many built-in flaws of this protocol.

A very large set of Attacks can be launched and are mainly targeting :

  • The network operators themselves
  • The end customer

Those, very critical attacks can go from calls interception, SMS interception … to a complete DDOS of network infrastructures and a complete loss of service.

The GSMA addressed those threats in a series of reference documents dealing with the how-to detect, mitigate, and assess those risks :

  • IR.82 SS7 Security Network Implementation Guidelines
  • FS.07 SS7 and SIGTRAN Network Security
  • FS.11 SS7 Interconnect Security Monitoring and Firewall Guidelines
  • FS.19 Diameter Interconnect Security
  • FS.20 GPRS Tunnelling Protocol (GTP) Security
  • FS.21 Interconnect Signalling Security Recommendations

Mainly, measures should cover different layers of the SS7/SIGTRAN stack. But taken in consideration that policing in MTP, SCCP, MAP layers are mandatory, many architectural considerations are to be taken in order to have effective measures.

Those will be maybe detailed in a next post.

Thank you.

Full thread :


Leave a Comment

Your email address will not be published.

You may like