SS7 vulnerabilities and attack exposure report, 2018
These days it is hard to imagine life without telecommunications. Anyone who uses e-banking, online payment, online shopping, e-government are long used to onetime passwords for transaction confirmation. The security of this authentication method is based merely on restricting access to telecommunication networks. While the internet of things is spreading widely into industrial processes and city infrastructure, failures in the mobile network can paralyze them, causing not only occasional interruptions in smart home or car devices, which dissatisfy the operator’s customers, but also more critical consequences, such as traffic collapses or power outages.
This report reveals the results of SS7 security analysis. Today the signaling network is not isolated, and this allows an intruder to exploit its flaws and intercept calls and SMSs, bypass billing, steal money from mobile accounts, or affect mobile network operability. To demonstrate the extend of security problems in modern communication networks, this report shows not only the vulnerabilities that we revealed during SS7 networks security analysis, but also the exploitation of these vulnerabilities as would happen in real life. We have been monitoring SS7 security over the past three years and learned what protection methods are used by telecom operators and whether they are effective in real conditions.