Are You Sure Your Mobile Network is Secure?

November 14th, 2018

NOTE: This is Part 1 of a 2 Part series covering the vulnerabilities in today’s mobile networks.

GSMA Intelligence estimates there are 8.6 billion mobile connections, including licensed cellular IoT devices in the world today. Moreover, there are approximately 5 billion unique mobile subscribers, or over two-thirds of the world’s population.  All of this equates to 1.7 devices per unique subscriber and this figure is growing every day. Wow!


What complicates this even more is that all these connected device types and the subscribers that use them have their own preference on how and when they communicate with each other.  To meet this disparate demand on how they communicate, new technologies are emerging and becoming more prevalent such as session initiated protocol (SIP), WebRTC, WiFi and VoLTE calling, and so on. This growing demand to be connected presents a security nightmare for Mobile Network Operators (MNOs).

Let’s look at the security implications of the 2.3 billion smartphones in use today. A majority of these smartphones support Voice over Long Term Evolution (VoLTE), also referred to as 4G technology. VoLTE shifts the cellular network away from its circuit-switched legacy towards a packet-switched network that resembles the internet. Just as the internet is exposed to many cyberattack vectors, this dramatic shift to a packet core opens up a number of new attack surfaces against MNOs and their subscribers. 

Recently, the Computer Emergency Response Team (CERT) at Carnegie Mellon University posted a “vulnerability note” about multiple exposures in VoLTE implementations that could potentially compromise the security and privacy of mobile subscribers. CERT reported that the use of packet switching and SIP may allow for new types of attacks not possible on previous-generation networks.  For example:

  • A remote attacker on the provider's network may be able to establish peer-to-peer connections to directly retrieve or exfiltrate data from other phones, or spoof phone numbers when making calls. A malicious mobile app for Android may be able to silently place phone calls without the user's knowledge, thus stealing service and creating toll fraud.
  • Improper access control, such as allowing two phones to directly establish a session rather than being monitored by a SIP server, thus such communication is not accounted for by the provider. This may be used to either spoof phone numbers or obtain free data usage such as for video calls. In addition, improper authentication on every SIP message may allow spoofing of phone numbers, commonly used in robo-calling applications.
  • Session fixation -  in which some networks allow a user to attempt to establish multiple SIP sessions simultaneously rather than restricting a user to a single communication session. This may lead to denial of service attacks on the network. An attacker may also use this to establish a peer-to-peer network within the mobile network, thus stealing services.

The question now becomes not if new security measures are needed but rather how and when to implement them.

So the question becomes, how do you build a network architected to mitigate the impacts of rogue endpoints and traffic on mobile networks?  How do you protect your mobile networks and subscribers from data exfiltration and DoS attacks from IoT devices?

In Part 2 of this post I will address these questions and discuss practical solutions that can help service providers protect their networks.