Interconnection Security Standards – We Are All Connected
DOI:
https://doi.org/10.13052/jicts2245-800X.411Keywords:
SS7, MAP, interconnection, security, diameter, GSMAAbstract
The interconnection network is a private network that connects all operators of the world. It enables calls, data and many other services across network and country borders. It connects billions of users and also now an increasing amount of Internet of Things devices. Recently, it has been shown that this network can be severely hacked. We will describe the active protection standardizing and what are the threats that we all face.
Downloads
References
International Telecommunication Union (ITU) – T. Signalling System No.7 related specifications. Available at: https://www.itu.int/rec/T-REC-Q/en
International Telecommunication Union (ITU) – T. (2016) ITU Workshop on SS7 Security. Available at: http://www.itu.int/en/ITU-T/Workshops-and-Seminars/201606/Pages/default.aspx
Arve, M., and Norsk Telemuseum (2005). Mobiltelefonens Historie i Norge, Norsk Telemuseum, Mobiltelefonens Historie i Norge. Available at: https://web.archive.org/web/20070213045903/http://telemuseum.no/mambo/content/view/29/1/
3rd Generation Partnership Project (3GPP). TS 29.338 Diameter based protocols to support Short Message Service (SMS) capable Mobile Management Entities (MMEs), v12.5.0. Available at: http://www.3gpp.org/DynaReport/29338.htm
3rd Generation Partnership Project (3GPP) (2015). TS 29.272, Evolved Packet System (EPS); Mobility Management Entity (MME) and Serving GPRS Support Node (SGSN) related interfaces based on Diameter protocol, v13.2.0. Available at: http://www.3gpp.org/DynaReport/29272.htm
3rd Generation Partnership Project (3GPP) (2014). TS 29.329, Sh Interface Based on Diameter Protocol, Protocol Details, v12.5.0. Available at: http://www.3gpp.org/DynaReport/29329.htm
3rd Generation Partnership Project (3GPP) (2015). TS 29.215, Policy and Charging Control (PCC) Over S9 Reference Point; Stage 3, v13.2.0. Available at: http://www.3gpp.org/DynaReport/29215.htm
3rd Generation Partnership Project (3GPP) (2015). TS 29.002, Mobile Application Part (MAP) specification. Available at: http://www.3gpp.org/DynaReport/29002.htm
Internet Engineering Task Force (2012). IETF RFC 6733 Diameter Base Protocol. Available at: https://tools.ietf.org/html/rfc6733
Internet Engineering Task Force (2003). IETF RFC 3588, Diameter Base Protocol. Available at: https://tools.ietf.org/html/rfc3588
Holtmanns, S., Rao, S., Oliver, I. (2016). “User Location tracking attacks for LTE Networks using the interworking functionality,” in Proceedings of the IFIP Networking Conference, Vienna.
3rd Generation Partnership Project (3GPP) (2016). TS 33.210, 3G Security, Network Domain Security (NDS), IP Network Layer Security v12.2.0. 2012. Available at: http://www.3gpp.org/DynaReport/33210.htm
3rd Generation Partnership Project (3GPP) (2016). TR 29.805, InterWorking Function (IWF) between MAP Based and Diameter Based Interfaces, v 8.0.0. Available at: http://www.3gpp.org/DynaReport/29805.htm
3rd Generation Partnership Project (3GPP) (2016). TS 29.305, InterWorking Function (IWF) between MAP Based and Diameter Based Interfaces, v 13.2.0. Available at: http://www.3gpp.org/DynaReport/29305.htm
Engel, T. (2014). “SS7: Locate. Track. Manipulate,” in Proceedings of the 31st Chaos Computer Congress 31C3, Berlin. Available at: http://berlin.ccc.de/∼tobias/31c3-ss7-locate-track-manipulate.pdf
Rao, S., Holtmanns, S., Oliver, I., Aura, T. (2015). “Unblocking stolen mobile devices using SS7-MAP vulnerabilities: exploiting the relationship between IMEI and IMSI for EIR access,” in Trustcom/BigDataSE/ISPA, Vol. 1 (New York, NY: IEEE).
Engel, T. (2008). “Locating Mobile Phones using Signaling System 7,” in Proceedings of the 25th Chaos Communication Congress 25C3. Berlin. http://berlin.ccc.de/∼tobias/25c3-locating-mobile-phones.pdf
Gallagher, R. (2014). The Intercept, Operation Socialists – The Inside Story of How British Spies Hacked Belgian’s Largest Telco. Available at: https://theintercept.com/2014/12/13/belgacom-hack-gchq-inside-story/
Corelan Team, S., and Kho (2014). On Her Majesty’s Secret Service – GRX & A Spy Agency. Available at: https://www.corelan.be/index.php/2014/05/30/hitb2014ams-day-2-on-her-majestys-secret-service-grx-a-spy-agency/
Fox-Brewster, T., and Forbes (2016). For$20M, These Israelian Hackers will Spy on Any Phone on the Planet, 2016. Available at: http://www.forbes.com/sites/thomasbrewster/2016/05/31/ability-unlimited-spy-system-ulin-ss7/#5b43b75a7595
Fox-Brewster, T., and Forbes (2016). Hackers Can Steal Your Facebook Account with Just a Phone Number. Available at: http://www.forbes.com/sites/thomasbrewster/2016/06/15/hackers-steal-facebook-account-ss7/#6860b09b8fa7
Fox-Brewster, T., and Forbes (2016). Watch as Hackers Hijack WhatsApp Accounts via Critical Telecoms Flaw. Available at: http://www.forbes.com/sites/thomasbrewster/2016/06/01/whatsapp-telegram-ss7-hacks/#7ca2999d745e
Positive Technologies (2014). SS7 Security Report. Available at: https://www.ptsecurity.com/upload/ptcom/SS7_WP_A4.ENG.0036.01.DEC.28.2014.pdf
Nohl, K., and Labs, S. R. (2014). “Mobile self-defense,” in Proceedigs of the 31st Chaos Communication Congress 31C3, Berlin. Available at: https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2493/original/Mobile_Self_Defense-Karsten_Nohl-31C3-v1.pdf
Nohl, K., and Melette, L. (2015). Chasing GRX and SS7 vulns, Chaos Computer Camp, 2015. Available at: https://events.ccc.de/camp/2015/Fahrplan/system/attachments/2649/original/CCCamp-SRLabs-Advanced_Interconnect_Attacks.v1.pdf
Positive Technologies (2015). Mobile Interent Traffic Hijacking via GTP and GRX. Available at: http://blog.ptsecurity.com/2015/02/the-research-mobile-internet-traffic.html
Rao, S., Holtmanns, S., Oliver, I., and Aura, T. (2016). “We know where you are,” in Proceedings of the 8th International Conference on Cyber Conflict: IEEE NATO CyCon, Washington, DC, 277–294.
Kotte, B., Holtmanns, S., and Rao, S. (2016). Detach Me Not – DoS attacks against 4G Cellular Users Worldwide from Your desk, Blackhat Europe 2016. Available at: https://www.blackhat.com/eu-16/briefings. html#detach-me-not-dos-attacks-against-4g-cellular-users-worldwide-from-your-desk
3rd Generation Partnership Project (3GPP) (2012). TS 33.210, 3G Security, Network Domain Security (NDS), IP Network Layer Security’ v12.2.0. Available at: http://www.3gpp.org/DynaReport/33210.htm
3rd Generation Partnership Project (3GPP) (2007). TS 33.200, 3G Security; Network Domain Security (NDS); Mobile Application Part (MAP) Application Layer Security, v7.0.0. Available at: http://www.3gpp.org/DynaReport/33200.htm
3rd Generation Partnership Project (3GPP). TS 33.117, Catalogue of General Security Assurance Requirements, v2.0.0. Available at: http://www.3gpp.org/DynaReport/33117.htm
3rd Generation Partnership Project (3GPP) (2016). TS 33.116, Security Assurance Specification (SCAS) for the MME Network Product Class, v2.0.0. Availble at: http://www.3gpp.org/DynaReport/33116.htm
3rd Generation Partnership Project (3GPP) (2016). TS 33.250, Security Assurance Specification for PGW Network Product Class, v0.1.0. Available at: http://www.3gpp.org/DynaReport/33250.htm
Alfonsi, S. (2016). Hacking Your Phone CBS 60 Minutes. Available at: http://www.cbsnews.com/news/60-minutes-hacking-your-phone/
Finkle, J., and Volz, D. (2016). FCC Studies Technology Behind 60 Minutes Hack of Congressman. Available at: http://www.reuters.com/article/us-usa-cybersecurity-phones-idUSKCN0XH2MC
Lieu T. (2016). Letter to Congress of the United States. Available at: https://lieu.house.gov/sites/lieu.house.gov/files/Lieu%20FCC%20Letter %20SS7.pdf
Ficora (2016). Ficora Calls for a Single Information Security Level for Mobile Network in the Nordic Countries. Available at: https://www.viestintavirasto.fi/en/ficora/news/2016/ficoracallsforasingleinformation securitylevelformobilenetworkinthenordiccountries.html
Coskun, O. (2015). KPN, Why Nation-State Malware Target Telco Networks, DefCon 23. Available at: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Omer-Coskun-Why-Nation-State-Malwares-Target-Telco-Networks-UPDATED.pdfrks-UPDATED.pdf
