2014 turned out to be "the year of SS7 vulnerabilities" as telecom researchers showcased several successful attacks using the Signaling System No 7 (SS7) interconnection network, such as subscriber profile modification, eavesdropping, tracking of users, SMS spoofing and call/SMS redirect. These attacks are serious because SS7, along with its IP version SIGTRAN, remains a key signaling protocol in mobile networks despite its age and will long be required for interoperability and backward compatibility in international roaming. Understandably, the telecommunications industry is taking countermeasures against the vulnerabilities that were exposed through the aforementioned attacks.
Are all risks now mitigated?
The complexity of the network layers and the diversity of underlying protocols in SS7 make it difficult to find all loopholes in the systems. Many 'known functionalities' are in fact 'unknown vulnerabilities'. In this talk, we begin with one such vulnerability in detail, where we discuss how to exploit the relationship between IMEI and IMSI to unblock stolen mobile devices. Here, we also discuss the existing attacks on modification of the subscriber profile using SS7, to recap the contents of the subscriber profile. Secondly, we will outline how the previously known SS7-based attacks extend to Diameter/LTE. Furthermore, we will present an intuitive attack vector to emphasize the fact that telecommunication systems are being misused for surveillance.
Siddharth Rao (Sid) is a research student guided by Prof. Tuomas Aura in the Secure Systems Group of Aalto University, Finland. He is an Erasmus Mundus student with double master's degrees in Information Security and Cryptography from Aalto University and the University of Tartu, Estonia, respectively. He started his exploration of security in telecommunication systems at Nokia Networks under the guidance of Dr. Silke Holtmanns and Dr. Ian Oliver through his thesis entitled "Analysis and Mitigation of Recent Attacks on Mobile Communication Backend". His current research interests include location privacy in telecommunication systems and exploitation of Interworking Functions (IWF) to study the signalling systems beyond SS7.