Billions of subscribers are indeed at risk of being targeted in a plethora of methods to extract sensitive information such as retrieve location or financial-based data, and other types of fraud, where if successful, the mobile network operator would suffer significant reputational risk, and subscriber churn. In business terms, this can be very insidious to the brand and have a significant impact on revenues, so no operator can afford this to happen.

common types of attacks on ss7 networks using common ss7 and diameter vulnerabilities
source: Enisa

SS7 protection and Diameter network security

Business context

SS7 (SS7 2G-3.5G) and Diameter (LTE 4-4.5G), are the main protocols used for connectivity services for billions of telecommunication subscribers worldwide. Trillions of dollars of business depend on the connectivity services and subscriber-led initiatives that operators have enabled through these protocols.

Despite all the functional aspects of these protocols, as enablers of significant change and business opportunities – they come with a set of known vulnerabilities (some age-old, since SS7 protocol knows its origin decades prior to the advent of wireless communication, others a very recent discovery).

Common SS7 and Diameter exploits:

UNACCOUNTED CHARGEABLE EVENTS ss7 flaws

Unaccounted
chargeable
events

INVALID SUBSCRIBER INFORMATION ss7 attacks prevention

Unauthorised provisioning of subscriber services

ss7 attack prevention eavesdropping

Eavesdropping
on-call events

UNAUTHORISED PROVISIONING OF SUBSCRIBER SERVICES ss7 attack prevention

Subscribers’
service disruption

Illegal retrieval of subscriber data and location

DDoS attacks
on the network

Impact of an SS7 and Diameter attack

Attacks are becoming more frequent, always with higher stakes. Banks in several countries were the target of an SS7 attack, whereby their customers’ bank accounts were frauded through an interception of sensitive information sent to their subscribers over the protocol. Another attack could involve nefarious organisations eavesdropping on subscribers’ calls and messages, to intercept sensitive information to the detriment of their safety, privacy, and overall well-being. The latter is especially true for high profile individuals, where targeted attacks can be done towards politicians and high-net-worth individuals.

SS7 protection and Diameter network security

Tailored to the needs of mobile network operators

Operators need to partner with top-level security solution vendors specialised in SS7 and Diameter protocols. Telco-graded SS7 Network Security and protection solution improves the networks’ security, service stability and viability of the business. Given these threats are equally present in more recent technologies such as the Diameter protocol equal security measures need to be put into place. End-to-end traffic monitoring and distributed global threat intelligence capability is a must. The sophistication and intensity with which nefarious individuals and malicious organisations target MNOs – and their subscribers – is nothing short of alarming; subscribers are consistently at risk of having their identities, bank accounts drained and location-information retrieved.

Signalling Firewall Solution

A Technical Outlook

HAUD’s solution integrates with the MNO’s core network elements to provide comprehensive signalling protection on all the SS7 network security and Diameter operations and commands over internal,  interconnect and international links. 

Powered by advanced fraud detection algorithms, HAUDs signalling firewall security solution focuses on an amplitude of protocol parameters, traffic patterns and behaviour to identify, report and proactively perform the required mitigation actions. 

The HAUD Signalling solution adheres fully with the GSMA’s official SS7 Interconnect Security Monitoring and Firewall Guidelines for handling SS7 MAP and CAMEL vulnerabilities as well as the GSMA’s Diameter Interconnect Security Guidelines to ensure full carrier protection against known vulnerabilities on LTE/4G traffic.

HAUD’s approach

To securing your network

Step 1

Installation of our Signalling Firewall to cover both SS7 and Diameter – and customisation of our Diameter and SS7 network security solution to suit the needs of your specific network.

Step 2

Continuous Managed Services calibrated through years of experience in delivering security solutions and keeping abreast of the requirements of the modern MNO’s security outlook.

HAUD’s SS7 and Diameter Firewall Solution

Top benefits

Position

Positioning MNO as highly secure compared to its competitors, thereby providing a comparative advantage.

Protection

Protecting subscribers from exploit and fraud-attempts

Neutralisation

Neutralise threats such as Wangiri, SMisihing, GT scanning and malware at source;

Prevention

Prevent SPAM, fraud, spoofing and faking from occurring on your network; 

Reduction

Churn reduction due to enhanced subscriber experience.

Non-invasive

Protection enabled without any network or service disruption.

Smoothness

Ensure no or minimal service disruption by installing the solution on passive monitoring before commencing active blocking. 

DOS Protection

Detect and prevent DOS attack on the network, to ensure continuity of service at all times.

Complete

Solution providing end-to-end SS7 and Diameter firewall signalling against known threats and vulnerabilities.

Timely

Piece of mind against emerging threats thanks to its threat engine continuously being updated for recently discovered vulnerabilities.

Synergic

A2P SMS Monetisation can be deployed in tandem to provide end-to-end protection against grey routes and prevent revenue leakages.

Insightful

Dashboard for reporting, insights, rule-setting, and monitoring of traffic providing the operator with further control.

Manage your network risk

And protect your subscribers

Get in touch with our experts to discover how our solution can be integrated within your network, offering full protection against any vulnerability on these protocols, timely ROI, and peace of mind for your subscribers.

Get in touch!

If you require more specific information about our solutions we’re happy to share it with you. Just type your email address below and HAUD expert will get in touch with you.

When submitting the request, we will process above information, and contact you to provide with the requested. Check out our Privacy Notice for the full story on how we protect and manage your submitted data.
Under current legislation HAUD may from time to time use the information provided to contact you by means of a message, e-mail, call or any other similar way of communication to inform you about HAUD’s similar products and services. You have the right to object to this by clicking here. With every such marketing communication, an option to opt-out easily and free of charge from receiving any further communication shall be provided.