SS7 – Vulnerabilities, Mitigation & Penetration Test

SS7 Vulnerability Assessment and Mitigation in Telecommunication Network

Threats that can be posed by attackers exploiting security flaws in mobile networks are:

  • Subscriber privacy violation
  • Billing fraud
  • Manipulation of network settings
  • Illegal interception of calls and SMS
  • Denial of service

Each listed threat represents reputational and financial risks for the operator. Fraud, traffic interception, and denial of service affect subscribers directly and may lead to significant financial losses, privacy violation, and availability disruption. Subscriber information disclosure means leakage of the IMSI, disclosure of location, or disclosure of other data such as account balance or profile details. Network information disclosure means leakage of SS7 network configuration data. Certain methods of subscriber traffic interception allow an intruder to tap or redirect terminating and originating calls and intercept user SMS messages. Fraud attacks can be performed against both operators and subscribers.

The security of Signalling System No. 7 (SS7) has been based solely on mutual trust between the interconnecting operators. Operators relied on other operators to play by the rules, and the SS7 network has been regarded as a closed, trusted network. This assumption is clearly no longer valid, and there is an urgent need to analyse the security gaps in such networks and implement the controls needed to close them. Several significant vulnerabilities exist in the SS7 core infrastructure of cellular network carriers; they are listed below:

Subscriber privacy violation: in cities it is possible to track subscribers down to street level; the HLR block/filter can be bypassed by querying the Visitor Location Register (VLR) instead, and the global cell ID for the subscriber can still be obtained.

Real-time call and SMS interception: the call is routed to the attacker’s system, and the attacker bridges the call to the originally called party and records the conversation.

Billing fraud: in one method of billing fraud, the attacker uses USSD codes to execute remote commands on behalf of the subscriber, transfer prepaid credits via USSD to the attacker, and set or delete call forwarding without the subscriber’s knowledge.

Manipulation of network settings: the attacker simulates the subscriber roaming in a foreign network. This overrides network settings made by the subscriber. The attacker executes USSD codes on behalf of the subscriber and changes the outgoing caller ID to any number.

Denial of service: denial of service against the operator network.

ALTEN Calsoft Labs’ Service Offerings

  • Ongoing analysis of protocol data and alarm/logging of events. This is performed without network interference via a passive network tap connection.
  • Provides an active cellular firewall for the carrier’s cellular network.
  • Vulnerability assessment and penetration testing: find out to what extent the network elements (HLR, VLR/MSC, SCP, SMSC and SGSN) under the carrier’s management are vulnerable to SS7 attacks. Discover serious vulnerabilities before attackers do, and make sure the safety measures are getting the job done.

Vulnerability Assessment and Penetration Testing

Our security consultants will develop a test plan that scans the entire network, looking for all possible technical and administrative vulnerabilities. The service includes a comprehensive report with vulnerabilities ranked according to severity level and, most importantly, recommendations for optimizing configurations, protecting security perimeters, improving interoperability between network segments, and eliminating all identified vulnerabilities. Consultants will conduct a coordinated probe across your entire enterprise, seeking to identify vulnerabilities present on Internet gateways and system hosts. Our consultants employ advanced tools and techniques, similar to those used by hackers, to identify and explore security vulnerabilities. We then analyse the findings and provide recommendations prioritized by threat level, helping to resolve issues, mitigate risk, and meet security objectives.

The services are extended to:

  • Applications: to ensure enterprise and end-point applications are secure
  • Web Applications: to ensure third-party applications are secure
  • Mobile Apps: test constantly evolving mobile apps
  • Networks: end-to-end network security analysis, technology selection and firewall rules audit

Methodology followed by ALTEN Calsoft Labs for Penetration Testing

[Diagram: penetration testing methodology]

Penetration Testing Service Offerings

  • Reconnaissance Mapping
  • Scan Vulnerabilities
  • Exploit Vulnerability
  • Malware Evasion
  • Physical & Wi-Fi Testing
  • Phishing Testing
  • DDoS Testing
