noun_Email_707352 noun_917542_cc noun_Globe_1168332 Map point Play Untitled Retweet

What if someone just stole your credit limit?

A lack of security persists in many operator networks.

Peter Olofsson / January 23, 2020

Imagine that you're standing in queue in the grocery store. When it is your turn to pay for your groceries, the credit card machine states that you have already reached your monthly credit limit. How can this be? You check last month's purchases but don't find anything extraordinary. Nonetheless, your account states that the money is absent.

It is a scary scenario and one that has already happened. In Feb 2019 Metro bank in the UK reported that some of their customers had been hacked, even though the bank had implemented SS7 technology-based two-factor authentication for all online transactions. It is not the only bank whose customer accounts have been hacked, although hackings are rarely admitted.

SS7 protocol is surprisingly insecure

There are and will be cases where telecom network addressing mechanisms are used to swindle unsuspecting victims. Telecom networks use SS7-signaling protocol to route calls and messages. But communication service providers are surprisingly poorly equipped to prevent fraudulent use of addressing mechanisms.

Operators constantly face new threats as cybercriminals work to find new ways of attacking. Via SS7 networks, cyber attackers may disrupt services, hijack profiles, track subscribers, and attack business processes or customer service experience.

What can operators do to protect their assets?

In my opinion, the signaling network is one of the most valuable assets Communication Service Providers have.

As most attacks originate from other networks, the natural place to protect is the edge of the home networks. Here, an SS7 firewall can check all messages from other networks and analyse if any anomalies appear. Risky traffic can then be excluded from the home network.

With the evolution of new generations of mobile networks, new protocols have also been defined. Yet similar problems are still there. Hence, the GSM Association has defined a set of algorithms to protect the home network in its FS.11 and FS.19 specifications.

Wise network operators implement a firewall solution capable of protecting from both SS7 attacks and attacks on 4G/Diameter protocol. Complementing this with additional protection mechanisms secures the home network and revenues it generates for the operator for the foreseeable future.

TietoEVRY’s Evolved Signaling Controller protects the network

Tieto's Evolved Signaling Controller is an all-in-one solution that seamlessly handles signalling control and routing in 2G, 3G and 4G networks as well as the upcoming 5G network. It has advanced signalling firewall functionality, covering both SS7 TDM and Sigtran, as well as Diameter traffic to protect the network from security threats.

 

Whitepaper download

Peter Olofsson
Senior Product Manager

Peter has extensive experience in product and business development in data and telecommunications fields. He has previously worked with Ericsson driving scalable signalling software and SMS solutions. He is experienced in IT project management, system architectures and software R&D.

 

Author

Peter Olofsson

Senior Product Manager

Share on Facebook Tweet Share on LinkedIn