March 20, 2021
RAG TV – How Criminals Exploit Weak Signal Security
Risk and Assurance Group Television S3E11 explores the role of signalling control in managing fraud and security in mobile networks.
Brendan Cleary joins Eric Priezkalns and Lee Scargall on St. Patrick’s day to discuss how bad actors exploit various weaknesses in network signals technology to commit crime, steal secrets and invade the privacy of individuals. The conversation weaves through the role of regulation and the opportunities for the telecom industry to protect their own revenue streams as an industry by maintaining consumer confidence.
This episode covers many topics:
- The recent news about the 02 overbilling scandal, and the role of consumer protection regulation and auditing globally
- A brief summary of what network signalling, and how it enables mobility and roaming
- Why there are so many common vulnerabilities and exploitations to signalling protocols, including a quick history lesson in network security, and modern-day access
- Location tracking, OTPs, 2FA, Smishing, SIM swap, cryptocurrency theft, call and SMS spoofing, SMS spam, A2P fraud, robocalls
- The progress of security and lack thereof in the industry since the cover was blown off SS7 vulnerabilities in 2014.
- Recent findings from an operator survey laying bare the lack of visibility and extent of inaction by MNOs
- Why operators are not incentivized to secure their networks and even to bring transparency to security itself, and what works to motivate them
- How CROs can bring visibility of the risk register to a high enough level within organisations to effectively enact change
- The role of continual review and creating an approach to security as opposed to just ticking the box
- Why newer signalling like Diameter are not actually more secure, hop by hop routing and how this can be used to verify harmless traffic
- North American regulations, the role of the ITU, Stir/Shaken, “clean networks”, and the pros and cons of compliance over self-regulation in telecom
- The opportunities of telcos to secure their own channels to maintain consumer confidence and the need to protect SMS and mobile as a revenue channel
- How operators can differentiate themselves by protecting subscribers from fraud
- What networks must do to secure their traffic and how auditing can aid in bringing visibility.
Categorised in: Blog