Chapter 3

Signaling attacks

At a glance

Entire telecommunications networks are targeted

Worryingly, it is possible for hackers to target entire telecommunications networks rather than just individual users or devices. Fraud that exploits signaling protocols has been on the rise for many years and can have disastrous consequences for operators and end-users alike.

Today’s signaling interworking protocols were largely designed to function in closed, private, secure environments, in which subscribers connected through an owned and managed Radio Access Network (RAN) or a closed community of telecommunications companies. In the modern communications ecosystem, where networks are open to a wider audience and untrusted parties can gain access to them much more easily, these protocols lack suitable security and authentication mechanisms, leaving networks vulnerable to attacks.

The consequences of signaling security fraud can be disastrous, negatively impacting revenue, service quality, and customer trust. To make matters worse, this type of fraud can spread easily from operator to operator, increasing the risks for the entire industry.

Signaling protocols and their vulnerabilities

  • SS7 signaling

  • Diameter signaling

  • GTP-C signaling

Signaling Protocol

SS7 signaling

SS7, also known as Common Channel Signaling System No. 7, is a set of signaling protocols that has been the industry standard since its adoption in the 1970s. Initially used in 2G and 3G core networks to manage subscribers via signaling MSUs, it is also present in 4G networks to enhance handover between technologies.

As is the case with all signaling protocols currently in use, SS7 was created with closed networks in mind. However, the introduction of MVNOs and MVNEs into the communications ecosystem has changed the telecoms security landscape, and SS7 has not evolved to match this complexity. Now, operators must find new ways to introduce security into an insecure protocol or risk a large-scale attack on their network.

Example

In 2019, the UK-based bank Metro fell victim to a signaling attack as a result of 2FA (two-factor authentication) text messages being intercepted via SS7. This was a major incident that raised awareness of the widespread negative impact of signaling fraud on the financial services industry in the UK.


Diameter signaling

Diameter signaling has been common since the introduction of 4G, replacing SS7. While some vulnerabilities linked to SS7 have been resolved by Diameter, mainly by removing certain functionalities, numerous flaws remain.

Example

For example, since AS security was not taken into consideration during the specification process, Diameter allows spoofing of operators and nodes, location tracking, and denial of service, leaving significant opportunities for fraudsters to exploit.


GTP-C signaling

GTP-C is the signaling protocol for the creation, update, and management of data tunnels. Like SS7 and Diameter, it was not built with security in mind, leaving core packet networks open to denial-of-service attacks, which can lead to subscriber information being compromised.

Importantly, many security strategies overlook GTP-C in favor of protecting against the vulnerabilities of other protocols, so GTP-C can put operators at risk.
