Introduction to SS7 and Security - Cellusys

Back to TCAP Handshaking and SS7 Security

Introduction to SS7 and Security

Absence of security in SS7 is identified as a weakness, but not seen as a problem due to the following:

  • Existing trust relationships amongst Telcos
  • Closed networks
  • Only experts are working and monitoring networks

Today networks are changing and protection for SS7 is becoming a necessity due to:

  • The opening of the network for various (smaller) interconnect parties and service providers
  • IP access to SS7 networks
  • Less experts available to monitor networks
  • More SMS service providers connecting to network, increasing the possibilty of sending wrong messages without any purpose or trying to abuse the network.
  • TCAP and protocols based on TCAP are more vulnerable to fraud.
  • Don’t need end to end physical connections
  • Used in inter-PLMN communications Preventing SS7-Based Attacks using TCAP Security

SS7 Based Security Threats

Spoofing

Definition:

  • Illegal use of HPLMN SMSC by a 3rd party.
  • An MO SMS with a manipulated A-MSISDN (real or wrong) is coming into the HPLMN network from a foreign VLR (real or wrong SCCP Address).
  • If the billing is made from the SMS-C data, the real subscriber will be invoiced.

Precaution:

  • HPLMN can check the originator MSISDN (to verify if it’s a real or not).
  • HPLMN can check if the VLR location stored in the HLR is in the same range with the requesting SCCP address.

Faking (MT Spoofing)

Definition:

  • A fake SMS is originated from the international SS7 network.
  • SCCP/MAP addresses are manipulated.
  • SCCP/MAP addresses are wrong or copied from a real existing SMSC.
  • SMS can be sent to a real subscriber (recovering IMSI) or to a wrong IMSI (only to generate traffic).

Precaution:

  • Controlling access to the SS7 network
  • Supervision of foreign SMSC traffic

Spamming

Definition:

  • Subscriber receives unwanted SMS.
  • Sender can be valid.
  • SMS can be billed correctly.
  • SMS is submitted by a mobile phone or by a third party connected to the SMSC.
  • Only real detection method is customer complaints.

Precaution:

  • Repetitive content check
  • SMS Firewall / SMS Router

Flooding

Definition:

  • Massive load of messages to one or more destinations.
  • The only parameter is the number of messages sent.
  • May cause denial of service

Precaution:

  • Supervision of traffic

Mobile Viruses

Definition:

  • Unwanted signaling
  • Stolen private information

Example:

  • Hatihati

Precaution:

  • SMS Defence

Back to TCAP Handshaking and SS7 Security