After the successful Mobile World Live webinar "SS7 Vulnerabilities – A threat that cannot remain ignored", we decided to publish some of the unanswered questions with proper answers, and this article has received great interest. Now it's time for the rest of the questions (and answers) from the Q&A session with Kevin Panzavecchia.
Q: Have you seen a rise in SS7 botnets used for different malicious purposes, and are there good mechanisms for threat actor attribution in signalling networks?
A: When it comes to SS7 attacks, the latest hype on this matter is more because of media exposure than any particular increase in threats or attacks.
Q: Is there a guarantee that if we use an SS7 Firewall we can block any threats?
A: While it is impossible to know the future and if new vulnerabilities will be discovered, it is important to select a firewall such as the HAUD SS7 solution that is usually covered by an ongoing operation and maintenance agreement and with an ongoing upgrade plan. In this way, you have the peace of mind of knowing that even if new threats emerge on the scene you will be getting the necessary protection as soon as possible.
Q: With Diameter positioned to take over much of what SS7/MAP has been doing for networks, why should an operator invest in another network element such as the Firewall?
A: Newer technologies such as LTE use the IP-based Diameter protocol as a replacement for SS7; however, operators implementing LTE will probably do so in parallel with SS7 for the foreseeable future. Telecoms operators may experience challenges in adapting fast to new technologies. This is due to various factors, such as previous investment in older technology, security and stability concerns. Even when an operator introduces new technologies to its network, older technology is often still kept in use in order to cater for older handsets that might still be in use by the MNO's subscribers. Of course, exact predictions are hard to come up with; however, it seems clear that even though technologies such as LTE and VoLTE have been available for some time, SS7 will probably still be a fact of life for a good number of years to come.
Q: Can you confirm whether your FW also protects against malicious Diameter signalling?
A: Our solution currently provides full SS7 protection. Diameter signalling protection is currently in development stage, to be launched in 2018.
Q: Is your solution unique in the market, or what is another one?
A: There are various solutions in the market, both active and passive. However, the HAUD SS7 FW and the complementing Managed Services would be a solution that provides the entire comprehensive protection with minimal effort from the operator.
Q: Are other protocols used by operators relatively safe?
A: As hackers are fond of saying, no system is unbreakable – it is just a matter of knowing how. While research is always ongoing, one should always implement best network practices in order to minimise vulnerability to known as well as not-yet-known threats.
Q: Do you have any information about what the effect on the network would be, in terms of call setup time or network performance, once an SS7 firewall is installed locally to the network?
A: This depends heavily on what brand of firewall you are using. Our product, under normal operating conditions, does not cause latencies greater than 3 ms.
Q: How do you calculate the price of the licence? Number of Users? Throughput?
A: Throughput and functionality are usually the main two factors that affect the price of the overall solution.
Q: Is there any increased delay in communications?
A: This depends heavily on what brand of firewall you are using. Our product, under normal operating conditions, does not cause latencies greater than 3 ms.
Q: Can you please elaborate how the interception of a one-time TAN would lead to successful withdrawal? It's a one-time TAN, valid for only a limited time (e.g. 10 min), and cannot be reused.
A: Interception of a one-time TAN can be dangerous in several ways. In general it could allow an attacker to gain access to an account 'before' the legitimate owner of the account and lock him/her out by changing authentication information or similar. Even if authentication info is not changed by the attacker, it might only take a few seconds to a couple of minutes to perform a transfer of funds or a withdrawal – perhaps the amount of time the owner of the account would take to wonder why the TAN he received did not work and to request a new one.
Q: What is the most important thing for an operator to be mindful of and take action on regarding SS7?
A: The network security personnel should familiarise themselves with the GSMA/FASG guidelines for fraud detection / prevention and make sure to select an SS7 firewall with features that cater for their specific network circumstances and that also comes with comprehensive support and an upgrade plan. This is important for ongoing protection against possible new threats.
Q: How do I know that my SS7 firewall is updated? Do MNOs receive periodic updates regarding SS7 threats?
A: This is dependent on the brand of firewall you use. Different companies implement different upgrade strategies and procedures. In general you should maintain regular and open communication with your firewall provider.
Q: There are some STP suppliers that are placing embedded SS7 firewalls. Kevin, what do you think about these solutions?
A: Some STP providers do provide SS7 firewall features with their products; however, these are usually relatively basic and do not offer the full breadth of functionality that a dedicated SS7 firewall provider can supply.
Q: How do I demonstrate these vulnerabilities to a customer?
A: This depends on your technical resources and abilities and also on who your customers are. In general, we suggest contacting a company specialising in network security who can offer a penetration testing service. These will usually tell you what threats and vulnerabilities they will test for and provide you with a report at the end of the process.
Q: Do you think spam SMS can be considered as an SS7 threat? Thanks.
A: Strictly speaking, spam is not a problem with SS7 security, even though very often SS7 vulnerabilities are exploited in order to generate spam. At HAUD we believe that subscribers should be protected against all threats, and we have best-in-class spam protection measures that come as part of our firewall.