Stealthy SS7 Attacks

Authors

  • Sergey Puzankov Positive Technologies, Russia

DOI:

https://doi.org/10.13052/jicts2245-800X.512

Keywords:

SS7, Security, Location tracking, SMS interception

Abstract

As we can see, most mobile operators defend their SS7 perimeter by reconfiguring network equipment and implementing SMS Home Routing solutions. This is the right way to withstand basic SS7 attacks, but it is not enough to protect the network. Our research and security audit practice proves that there are possibilities to perform SS7 attacks that bypass this kind of security mechanisms. Moreover, real attacks tend to be more stealthy and difficult to detect at an early stage. That is why we reckon mobile operators should engage continuous security monitoring of external SS7 connections supported by upto- date vulnerability base. In this talk, I will describe the most interesting attacks on SS7 networks that have never been published before.

 

Downloads

Download data is not yet available.

Author Biography

Sergey Puzankov, Positive Technologies, Russia

Sergey Puzankov is a Telecom Security Expert, Positive Technologies. Sergey was born in 1976. He graduated from Penza State University with a degree in automated data processing and management systems in 1998. Before joining Positive Technologies in 2012, he worked as a quality engineer at VimpelCom. Being a security expert in telecommunication systems at Positive Technologies, he is engaged in the research of signaling network security and in audits for international mobile operators.

He is part of the team that revealed vulnerable points in popular two-factor authentication schemes using texts and demonstrated how easy it is to compromise Facebook, WhatsApp, and Telegram accounts. As an expert in telecom security, he researches signaling network security and participates in audits for international mobile operators.

Sergey is also the general developer of the SS7 Vulnerability Scanner tool and member of the Telecom Attack Discovery development team and co-author of Positive Technologies annual reports on telecom security.

References

Ostman, L. (2001). A Study of Location-Based Services. Cell Point Systems. Available at: https://www.opencolleges.edu.au/informed/teacher-resources/style-guide-resources-mla-apa-cse-chicago/

Porter, T., and Gough, M. (2007). How to Cheat at VoIP Security (2007). Available at: https://goo.gl/dxQfgs

Kolker, R. (2016). What Happens When the Surveillance State Becomes an Affordable Gadget? Bloomberg Businessweek. Available at: http://goo.gl/weqptW

Coulthart, R. (2015). Special Investigation: Bugged, Tracked, Hacked. Available at: https://goo.gl/m9V1NK

Schneier, B. (2015). SS7 Phone-Switch Flaw Enabled Surveillance. Schneier on Security. Available at: https://www.schneier.com/blog/archives/2015/08/ss7_phone-switc.html

Soltani, A., and Gellman, B. (2013). New Documents Show How the NSA Infers Relationships Based on Mobile Location Data. The Washington Post. Available at: https://goo.gl/cCmIzn

Engel, T. (2008). Locating Mobile Phones Using Signalling System #7. https://berlin.ccc.de/∼tobias/25c3-locating-mobile-phones.pdf

McDaid, C. (2015). Can They Hear You Now? Hacking Team & SS7. Available at: http://www.adaptivemobile.com/blog/can-they-hear-you-now-hacking-team-ss7

Rao, S., Holtmanns, S., Oliver, I., and Aura, T. (2015). Unblocking Stolen Mobile Devices Using SS7-MAP. Available at: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=7345408

Downloads

Published

2017-09-08

How to Cite

Puzankov, S. . (2017). Stealthy SS7 Attacks. Journal of ICT Standardization, 5(1), 39–52. https://doi.org/10.13052/jicts2245-800X.512

Issue

2017: Vol 5 Iss 1

Section

Articles