When I first started my journey in in the world of roaming, back in 2002 at T-Mobile UK, my job really focused on roaming process optimization and implementation. In fact, my job title was “International Roaming Relationship Manager”.
The reality was that the task of getting GPRS and CAMEL roaming launches was based upon relationships and process efficiency. Back in those days, roaming discount deals were virtually unheard of and traffic steering was just an idea in the heads of brilliant people like my current CEO and CTO (rule #1: always try to please the bosses!) who brought the idea to market.
In fact, one of the first non-roaming items that landed on my desk was a sudden inundation of SMS spam from a Dutch network taking advantage of mutual forgiveness/ non-charging for SMS Interworking. We were literally receiving hundreds of thousands of spam and A2P SMS each day. For the first time I learnt the lesson that my role as Roaming Relationship Manager meant a little more than first met the eye. In fact:- the product I was responsible for not only enabled roaming but opened the core of our network up to the rest of the world
- that connectivity was open to abuse from people anywhere in the world- when things went wrong it landed directly on my desk to deal with!
Over the years we had lots of issues relating to fraud and SMS, sometimes causing millions of Pounds of lost revenue, all of them requiring resolution. I remember once receiving an email from a good friend in a roaming partner asking me whether we were spamming her network. I, of course, assured her that nothing could be further from the truth since my colleagues in the Wholesale SMS team had clamped down on their third-party SMS partners. Upon querying why she suspected this, she simply said “children have received SMSs containing links to pornographic sites sent from your Global Titles”. I can’t describe my horror upon hearing that. An emergency investigation was conducted and it turned out a platform had been upgraded over the weekend and for several hours standard security measures were not in place. Hackers had immediately identified this weakness and taken advantage. I had now learnt the criticality of strong security measures!
Whilst issues like fraud and SMS spam continue to plague networks, the threats networks are dealing with today are undoubtedly more serious. Only this week The Guardian newspaper reported that one country was tracking its citizens whilst roaming. All of this is being conducted using the links between roaming partners. Meanwhile, the current COVID-19 virus is being exploited by fraudsters using Smishing (Phishing via SMS) to deceive subscribers into downloading trojans. Back when I was the International Roaming Relationship Manager, in pre-iphone times, smishing was a tough challenge given the lack of smart phones! Today people conduct their banking activities on their smart phones and could potentially lose their life savings through a simple smishing attack.
The reality is that behind every roaming relationship is network connectivity. That connectivity enables the exchange of signalling, which powers all roaming services. Unfortunately, this connectivity enables the bad stuff too. In other words, roaming connectivity opens a weakness in network security and the protocols that run over those links can be subject to attack. It doesn’t matter whether we are talking about SS7, Diameter, GTP or a combination of them. The key thing is, when your links are attacked, the consequences may well land on your desk!
Your roaming links may be abused to enable subscriber tracking, interception of voice calls and SMS, smishing, denial of service, grey routing of SMS traffic and generation of fraudulent calls. To address this risk the next step is to improve your network security to ensure that all traffic entering and leaving your network is fully screened. This screening, conducted via a signalling firewall, will ensure your customers and your network are fully protected. Whilst this protection might not be your direct responsibility, if things go wrong and you are not protected, you personally are bound to become involved. Next time it might land upon your own desk!
If you are interested in learning more about how Mobileum can help secure your network then please click here. And of course, please feel free to share this article with your colleagues from Security, Signalling or Core Networks!
For more information, please contact us.