International. Positive Technologies has published a report that analyzes security in mobile networks using the SS7 protocol. Developed in partnership with 28 telecom operators in Europe, Asia, Africa and South America between 2018 and 2019, the search shows that SMS tracking and interception and location attacks can be done via 2G and 3G networks today.
The researchers simulated attack activities to assess potential flaws in the SS7 protocol, used to receive and distribute signaling messages. According to the company, in addition to the architectural security flaws that already exist in the protocol, the risk is in the fact that cybercriminals can illegally buy access to SS7 networks on the dark web. In this way, 2G and 3G networks become vulnerable, allowing hackers to track a customer's every move, listen to calls, intercept SMS messages, instigate fraud, or even disrupt operator service.
"From the customer's point of view, it's scary to think that there are vulnerabilities in the mobile phone network and that they still won't know if their phone has been affected. That is, you can track messages, calls and location without their knowledge," warns Giovani Henrique, managing director of Positive Technologies for Latin America. "It is important for mobile operators to establish partnerships with companies specializing in risk mitigation to ensure the security and visibility of their networks, identify existing vulnerabilities and reduce the impact of these threats," he adds.
According to experts at Positive Technologies, industry security researchers have been warning about the risks of SS7 for decades. However, the failures have become more serious in recent years. The company claims that, over the past three years, the percentage of vulnerable networks has increased in almost every category of threat, such as information disclosure, location, call interception, financial fraud, and denial-of-service (DoS) attacks.
"Although the security of SS7 was improving, with the concentration of operators in the implementation of 5G technology, progress has stopped and the risks of 2G and 3G networks are currently a threat," explains Henrique.
According to the executive, operators plan to shut down their 2G and 3G networks in the future, but the GSMA reports that these previous-generation networks will still be available to the public in the next 5 years. "This means that the SS7 will not be a thing of the past anytime soon. In addition, the latest networks are also designed using the previous generation network infrastructure, which means that they are affected by the same security issues as SS7," warns Henrique. "Some 4G functions still rely on 2G/3G systems, including sending SMS messages and establishing call connections," he explains.
According to the European Network and Information Security Agency (ENISA), only 30% of EU operators have implemented the GSMA recommendations. This does not necessarily mean that risk mitigation plans do not work, but that the security tools in use are not enough.
"First of all, operators need to make sure that the right processes are in place to ensure that their mobile networks don't have blind spots," says Henrique. For the executive, only with a comprehensive approach – which includes regular monitoring of any anomalies to detect illegitimate activities – and with compliance with GSMA guidelines, operators can ensure a higher level of protection against cyber attacks. "We must be aware of 4G and 5G to avoid the same problems as in the past," he warns.
The report is the second in a four-part series on telecommunications security, in which experts at Positive Technologies analyze the SS7, Diameter and GTP networks to demonstrate the extent of security issues in modern communications networks. The full document can be accessed here.
