• Log in
  • About Us
  • Privacy Policy
  • Contact us
Telecoms IT News - VanillaPlus
  • Home
  • News
  • Verticals
    • 4G
    • 5G News
    • Big data analytics
    • Bill & Charge
    • CEM
    • Companies
    • Digital transformation
    • Fraud prevention
    • Managed services
    • Network optimisation
    • NFV Hub
    • OSS
    • People
    • Policy
    • Revenue assurance
    • Revenue management
    • Service assurance
    • Service Provisioning
    • Test & measurement
  • Digital Edition
  • Events
    • Events diary
    • Webinars
  • Videos
  • VP Featured
    • Webinars
    • Podcast
    • Editorial advisory board
    • Expert opinions
    • Hot List
    • Operator View
    • Press releases
    • Reports & whitepapers
    • Special reports
    • Talking Heads
    • Troubleticket
    • Digital Talking Heads
  • Directory
  • Tech Trends
  • Subscribe
 

You are here:

  • Home
  • 5G News
  • Why it’s time to address mobile signaling threats

Why it’s time to address mobile signaling threats

09 May, 2018 at 10:09 AM

Posted by: George Malim

Why it’s time to address mobile signaling threats
Gary Miller, Mobileum

Vulnerabilities around the SS7 mobile data network and Diameter have been a nagging and costly problem within the telecoms industry for years, writes Gary Miller, the vice president of Global Solutions at Mobileum.

In some ways it’s very much the elephant in the room that’s been hiding in plain sight, but it can’t be ignored by operators for much longer. The next headline grabbing attack has the potential to permanently damage reputations and hurt unsuspecting customers, while the long-term financial and legal ramifications for operators could be devastating. All it will take is a single attack on a high profile target to light the powder keg.

Researchers first shed light on the problem in 2014, showing how SS7 weaknesses can be used to track people and intercept their communications. Things haven’t improved much since, with hackers exploiting this blind spot last year by draining the bank accounts of unaware O2-Telefónica customers in Germany to the tune of US$200,000. The hackers were lightning fast, and knew that by targeting users on one network, they’d effectively be able to do what they pleased with the accounts.

The O2-Telefónica attacks should have been a wake-up call for the industry. However, more than a year later, not nearly enough action has been taken. The reality is that signaling security standards still aren’t where they need to be, turning network security into a high stakes game where operators are fighting to beat the next generation of hackers looking to expose this and all other potential flaws. Worryingly, network threats are becoming so much faster and more sophisticated, that a US$200,000 fraud will soon seem like pennies if things don’t change. Under the umbrella of signaling security, the threats aren’t limited to SS7 alone. Diameter has become the emerging attack vector, and data-centric attacks utilising the GTP protocol are coming to the surface.

Some policy makers have been taking note. In the US, California Congressman Ted Liu has been a vocal proponent of having carriers address the problems around SS7. He was previously – with his consent – hacked as part of a demonstration of SS7’s many flaws for a feature on CBS News. In addition, Senator Ron Wyden of Oregon has issued formal letters to the US National Security Agency (NSA) and to US mobile operators regarding the US Department of Homeland Security 2017 report on cybersecurity threats related to mobile phones and cellular networks. Beyond the US, in the UK the National Cyber Security Centre (NCSC) has issued calls for increased protection of UK mobile operator networks. Public efforts like this and others are bringing to light the notion that SS7 and other threats can affect us all at any time. It’s not just an operator problem.

Clearly this needs to be addressed, but it also raises an important question; where does the blame and responsibility ultimately lie in the event of a hack? Fundamentally, it is obvious to argue that the hacker(s) is to blame. But how and why were they able to hack in the first place? Why was there no protection? How were they able to do so, so easily? And how responsible are operators in terms of preventing such attacks? Not addressing core security issues will only lead to more complex questions down the road for operators. Questions that don’t have easy answers, and ultimately leave the entire industry open to scrutiny.

So how can operators halt the cycle and address the root causes of security vulnerabilities? It should start with a new mindset. Operators will need to adopt a proactive, rather than reactive, approach to dealing with known and unknown threats within their networks. But admittedly that’s a lot harder than it sounds given the sheer amount of data going over networks today.

Between the prevalence of streaming video services, the rise of IoT, and the steady increase in smartphone data usage, networks are showing signs of stress. Nowhere is this more prevalent than in the activities of security monitoring and management, where it is becoming near impossible for traditional security processes to scale.

Looking back at the O2-Telefónica hack, an effective SS7 firewall would have provided an additional layer of security. But protection is only as good as the threats you are detecting. Looking forward, operators will also need to lean on the latest advances in analytics and AI to view emerging and advanced threats in a proactive way to stay ahead of attackers and secure their networks.

Threat intelligence feeds, visibility and monitoring, and deep learning algorithms all play critical roles in stamping out threats before they even start. Machine-learning-based analytics platforms can provide real-time analysis of the massive amounts of data that operators deal in, view threats beyond their network, provide forensic tools and help them make sense of it all.

All of this provides operators with a blanket of security that SS7, Diameter, GTP and other threats are being monitored for and protected against in real-time. But even more importantly, it empowers operators to take on the elephant in the room once and for all, and level the playing field.

 


category: 5G News, Fraud, News, Risk & Compliance, Security

Tags: cyberattack, Diameter, fraud, Germany, Hacks, IoT, mobile data, Mobileum, National Cyber SEcurity Centre, NSA, O2, Security, SS7, SS7 firewall, Telefonica, Threat Intelligence, UK

VanillaPlus Q3 Magazine
 

VanillaPlus Magazine Issue 1 2022: Why IT must catch up with OT to enable 5G monetisation

Is creativity a bridge too far for CSPs? As communications service providers (CSPs) engage in new digital value chains, collaborate with partners and participate in multi-directional business models, George Malim shares a tale of two bridges

READ NOW

Comments are closed.

  • Facebook
  • Twitter
  • YouTube
  • LinkedIn
  • Subscribe
Relax time
Read the new novel by J.J. Cowan on Africa’s conflict minerals trade and forced labour. 5* Reviews on Amazon.co.uk Paperback & Kindle

Check out on Amazon

X

Be the first to know!

  • The top telecom IT news stories of the minute
    in your inbox
  • Exclusive offers for entry into hundreds of
    events worldwide
  • Free access to a huge selection of the latest
    analyst reports and whitepapers
Subscribe now so you don't miss out
Don’t show me this again
Please check your email
x
Vanillaplus - The Global Voice of Telecoms IT
The Global Voice of Telecoms IT

VanillaPlus is the world-leading resource covering digital transformation for the communications industry. VanillaPlus brings you exclusive News, Expert Views, and Event Reviews. See Interviews from CEOs, CTOs, and COOs who are successfully transforming their business today.

Connect

Facebook Twitter YouTube LinkedIn

NEWS

  • Latest Telecoms IT news

DIGITAL EDITION

  • Latest Editions

OTHER

  • Newsletters [Archive]

KNOWLEDGE CENTRE

  • Webinars
  • Special Reports
  • Talking Heads
  • Editorial Advisory Board

COMPANY

  • About
  • Contact Us
  • Terms & Conditions
  • Privacy Policy

PARTNERS

  • IoT News

© 2014-2022 VanillaPlus - The global voice for telecoms IT. All rights reserved.