Mobileum Blog

Signaling Security Threats Cross Into the 5G Era

Written by Stephen Ornadel | 29/10/2019

Today’s telecom networks are a complex mix of old and new technologies and protocols that create hidden vulnerabilities. 2/3G networks use SS7 and SIGTRAN protocols, while 4G relies on Diameter, SIP and GTP. Some of these protocols are dated (SS7 goes back to 1975) and were implemented without an authority model, relying instead on an assumed trust within a closed industry. Unfortunately, that trust has been broken. Hackers and fraudsters have found ways to take advantage of these underlying vulnerabilities.

You may remember a German MNO hack from just two years ago, in which hackers exploited an SS7 weakness and drained the bank accounts of unaware O2-Telefónica customers in Germany, to the tune of US$200,000. While lessons should have been learned since then, the industry is still prone to attacks.

According to recently conducted market analysis, among the SS7 networks tested, 100% were vulnerable to subscriber information disclosure and subscriber denial of service threats. As 5G networks are launched, the risks don’t stop there.

The GSMA adds that while 5G standards outline a standardized security architecture that offers controls far surpassing those of previous generations, we face the reality that much 5G traffic will still traverse legacy networks, causing the old and new worlds to collide. This is especially the case when access to the IPX signaling network is via SS7 or Diameter, and the receiving network operator places the same level of trust in that traffic as if it were secured through the advanced SEPP and N32 methods used in 5G.

“The GSMA predict that the additional complexity 5G will add to the network will increase alarm fatigue within security operations teams, leading to attackers going unnoticed for longer periods of time” – GSMA SS7 Vulnerabilities and Attack Exposure Report, 2018.

Because of the complexity of managing different networks and the aging protocols, ‘point’ fixes are simply not suitable. Instead, mobile operators must determine the long-term strategic approach that will best protect their network from today’s known vulnerabilities and from new ones that have yet to materialize.

When assessing your network security requirements, Mobileum believes the following capabilities are critical in the 5G era:

- Protect against the GSMA’s threat list: at a minimum, your network security firewall should cover all threats identified by GSMA in FS11 (SS7), FS19 (Diameter) and FS20 (GTP).

- Multi-protocol Signaling Firewall: protect your networks and subscribers by monitoring and controlling SS7, Diameter, VoIP, IMS, GTP, and 5G HTTP signaling streams. Deploying a multi-protocol signaling firewall ensures that traffic security does not fall through the gaps when traffic traverses different signaling networks.

- Combination of rules-based and machine learning/AI-based analytics for faster detection: machine-learning-based analytics platforms can provide real-time analysis of the massive amounts of data that operators must manage. They help operators gain insights into threats beyond their network and provide the tools to make sense of it all. Many traditional firewall solutions rely solely on a rule-based approach that provides only basic protection against threats, leaving carriers vulnerable to any attack vector that their system is not configured to protect against. With 5G, this needs to change. By adding machine learning and advanced analytics to their firewall defense, operators can more effectively detect and block fraud attempts and security issues in real time.

Mobileum’s Signaling Firewall blocks suspicious command codes, parameters and hosts. It covers all threats identified by GSMA for SS7, Diameter and GTP, blocking category 1, 2 and 3 threats, including subscribers at home and spoofing.

We protect your network and your subscribers, fighting against the latest threats, including those that put your IMS, VoLTE and 5G networks at risk. With flexible blacklists, whitelists, and network configuration for real-world signaling challenges, we provide a powerful user interface with full flexibility and support for customized rules, threat intelligence sharing and rule updates.

For more information on our Signaling Firewall solutions, contact us.