Real protection for the SS7 network
A recent article from security firm Positive Technologies has claimed the end-to-end encryption recently introduced by a number of chat apps such as WhatsApp, Telegram or Viber may actually be pointless.
The crux of this argument is that these apps are vulnerable because they rely on 2-Factor-Authentication (2FA) messages sent via the Signaling System 7 network (SS7). SS7 is an international telecommunications standard that defines how network elements in a public switched telephone network (PSTN) exchange information over a digital signaling network.
According to the report, inherent vulnerabilities within the SS7 network actually render all encryption added to the apps themselves redundant. The report claims an attacker can easily assume the identity of a legitimate user on the network, thereby intercepting secure communications (such as 2FA passwords) intended for that user and sent via SMS, says Cathal Fitzpatrick, head of Technology, Openmind Networks.
Protecting the core
The truth is, the risk to enterprises of this type of attack is greatly exaggerated. It is far from easy for even the most sophisticated attacker to assume subscriber identities and intercept messages in this manner in real life. SS7 remains a closed network and access to it is restricted to operators. As such, it is difficult for fraudsters to gain the initial access necessary.
Most operators have an SMS Firewall as standard in their network. This prevents the real international mobile subscriber identity (IMSI) of a subscriber from being sent outside the network. Networks also have filters in place on their interconnect links to stop commands that are outside of normal procedures.
It is really only nation states that would have the access necessary to intercept communications in the manner outlined by PT. The SS7 network remains very secure and this is why it continues to underpin telecommunication services today.
One service underpinned by SS7 is SMS authentication. This is one of the major security mechanisms used by services such as WhatsApp and Telegram, and is also used for the two-factor authentication for Google accounts. Two-factor authentication using SMS is one of the most secure methods possible for confirming identity, and its use by WhatsApp, Telegram and others is best practice.
The industry is ill-served by scaremongering headlines that grossly exaggerate the threat posed to everyday communications by SS7-related fraud. The SS7 network is highly secure, especially compared to internet-based communications.
However, this added scrutiny could be seen as an opportunity for operators to highlight the role that they play in ensuring that all types of communication are properly secured. In contrast to OTTs, which are dependent on the publicly accessible internet, the private nature of operator networks makes them ideal for use cases where full security and authentication are required.
Despite the unlikely nature of the claims from Positive Technologies, it would be naive to think that there is no risk to the network from highly sophisticated attackers. All operators need to be aware that real risks do exist, and put appropriate measures in place to deal with them.
Subscribers value their privacy, and operators must ensure their offerings are 100% free from traffic that intrudes on that privacy. In order to protect subscribers sufficiently, operators must get their security systems in place to ensure delivered messages – whether SMS or MMS – are virus-free, secure and authentic.
Network-based Anti-Spam detection can provide a defense against threats posed to the messaging services relied on for 2-Factor-Authentication, and also provide an ideal evolutionary path for dealing with new threats as they emerge. The network is not fundamentally flawed and major overhauls of existing traffic flows are not required – operators can implement evolutionary adaptations to existing infrastructure (SMS Firewalls & STPs) to protect subscribers from all reported or theoretical fraud and security attacks.
The types of solutions and services available to prevent SMS fraud and improve service quality include SMS AntiSpam and SMS Grey Route Detection solutions. In both cases, SMS traffic is passed through these filters before being delivered onwards to the receiving customer. The filters apply a number of sophisticated algorithms to identify whether the traffic is genuine or spam.
Sophisticated reporting engines can also provide operators with an aggregated real-time view of subscriber messaging transactions. This allows the prevention of fraud through early detection of messaging irregularities.
Highly sophisticated attackers do pose real risks to both operators and their subscribers. While the SS7 network is unlikely to be a prime candidate for identity theft and hacking, an operator’s biggest asset is its customer base. Therefore it is in their interest to protect subscribers as much as possible – the key to which is offering comprehensive guarantees of privacy and security.
Hence, the best solution for operators is to focus on the real threats to their networks, ensure that appropriate measures are in place today, and take a proactive approach to detecting and blocking new threats before they impact on network security and consumer confidence.
The author of this blog is Cathal Fitzpatrick, Head of Technology, Openmind Networks