SS7 signaling security is currently a hot topic of conversation on the web. It has been brought to the forefront of our attention by articles in the Washington Post and by the presentations given by two German researchers at the hacker conference Chaos Communication Congress 31c3, December 2014, in Hamburg, Germany. At this conference, Tobias Engel and Karsten Nohl presented some SS7 signaling threat scenarios that should shake the network and all associated network operators to their very core. The title of this post raises the question: are these vulnerabilities going to be solved in the evolution to 4G LTE/EPC Diameter-based networks? I guess this should be addressed! The short answer is I do not think so, because:
- Many of the concepts used in the SS7 network environment have been ported to LTE/EPC Diameter space.
- Although LTE/EPC Diameter is the fastest deployed network technology in telecommunications history, the network and protocol usage is still immature.
- Network protocol usage testing is very rudimentary due to the weak and shallow coverage of available “fuzzers”.
- The network equipment is new and sometimes provided by companies that do not have a track record in delivering signaling infrastructure solutions.
- LTE/EPC Diameter networks have an interworking function to legacy SS7 networks.
Since the LTE/EPC Diameter network is an all-data, IP-based network, the impact of intrusion may be even greater than in the legacy SS7-based networks. These risks can include:
- Financial Theft
- Privacy Theft
- Access to enterprise or corporate networks for malicious purposes
- Intercepting and recording of calls
- Injection of Trojans, worms and viruses to connected networks and devices.
In conclusion, signaling firewall solutions for fraud protection in legacy SS7 networks should have the ability to address the Diameter protocol and manage signaling fraud protection in LTE/EPC networks.