CEO’s Guide to Signalling Threats – A Top Line Review

Mobile devices have become an important part in everyday life and their usage continues to climb. 8 in 10 email users will likely access their email accounts exclusively from mobile devices and in September 2014, mobile browsing surpassed desktop browsing for the first time. People are increasingly relying on phones or tablets to complete all manner of tasks, many of them requiring a high level of security and trust in the devices and wireless infrastructure that makes it all work.

In line with the uptake of mobile technology, the fraudulent market is also on the increase. Criminals are taking advantage of ‘holes’ in the network as attack surfaces become larger and easier to exploit. The ‘trusted’ community of Mobile Network Operators who are all connected via a common signalling network can no longer be trusted due to the ease in regulations inviting competition and the reduction in barriers to entry commoditising the market.

Security breaches involving mobile networks have started to damage consumer and business confidence, driving them further into the arms of global internet companies for solutions and protection. Although these exploits are not always rooted in technology vulnerabilities but instead use sophisticated social engineering techniques, one thing is clear – Mobile Network Operators globally need to address these vulnerabilities to restore trust.

When it comes to proctecting the market, there are two schools of thought:

  1. The problem can be resolved on existing infrastructure by adding encryption to SS7 to shield network traffic.
  2. A state aware SS7 Firewall with a higher degree of logic and flexibility is required to filter out illicit activity and protect the network.
The Chain of Attack

Attacks on devices can lead to a chain of events designed to cause chaos, exposing sensitive information and leaving systems vulnerable. Breaking this chain of events at any point by using a firewall, is enough to stop an attack dead in its tracks, protect the network and individual’s security. Of all the steps in the chain, the redirection of SMS and voice traffic using a firewall is thought to be the best way to break the chain and protect people from attacks.

To reference events that have taken place in recent times, the widely publicised Mirai botnet virus, a DDoS attack from October 2016 was released with the intention of overwhelming the web. The Mirai virus resulted in internet speeds plummeting and sites such as Amazon, Spotify and Twitter going down – MNO’s should be concerned with the ever-increasing complexity of attacks.

What is Predicted for the Future?

With sources predicting that fraud in the telecommunications industry will be worth 27.09 billion USD by 2022, it’s clear to see that protection needs to be put in place to protect the signalling networks and its users.

It is widely believed that Signalling Firewalls should become a necessary part of any network as methods currently in place are not adequate to cope with the ever-changing threats being posed on the networks. Not only this, but any measures put in place need to be scalable so that they are constantly able to meet the market’s needs as new threats surface.

What is the Market Doing?

Players in the marketplace are beginning to recognise that there is a need to protect the signalling network:

  • The GSMA are actively working on the standards for SS7 and currently provide SS7 Firewall recommendations and guidelines for MNOs.

  • The FASG are working to maintain / increase the protection of mobile operator technology so that mobile operators remain trusted partners in the ecosystem.

  • RIFS have produced guidelines on how to monitor SS7 traffic for potential attacks through a combination of evaluating the network, filtering and monitoring traffic and classifying incoming messages. Designed to identify suspicious activity, these guidelines help determine if a message is prohibited, unauthorised or suspicious and proposes remedies.

Some believe that MNOs should be subject to fines if they are not adequately protecting their networks and subscribers. However, this is not a straightforward issue as it is often difficult, if not impossible, to identify where exactly attacks originate from. Also, classifications would need to be put in place to enable those responsible (if detectable) to be charged according to the severity of the attack undertaken.

However regulation is introduced, or whatever methods are put in place to combat fraud on the SS7 networks moving forward, it should be the MNOs main priority to re-build trust whilst protecting subscribers and their personal information.