Are You Worried About Exploitation of the SS7 Network Infrastructure?

October 5th, 2017

Early in my career (far too long ago for me to mention in public) I led a team responsible for Signaling System 7 (SS7) network planning. Our job was to design the best SS7 networks for our customers, focused on performance and cost. Security was not a concern back then because there was a short list of national carriers and limited staff at those service providers who had access to these networks.

To be honest, not much changed in most of the intervening years for SS7 network design. Sure, we had to incorporate SIGTRAN and the movement toward IP and SMS texting got introduced. However, the real change was dealing with massive adoption of mobile services, cross-network roaming and authentication, increases in the number of service providers using SS7 networks, and the sheer volume of SS7 traffic. All of these changes added to the inherent risk of utilizing a poorly secured network. But, guess what? Security still was not a real concern. This is not to say it was an unknown issue, just mostly an ignored one.

What it took to get more attention was a series of negative public events:

  • In 2014, a German security researcher named Karsten Nohl publicly demonstrated an SS7 hack that was readily accessible;

  • In April of 2016, 60 Minutes took an earlier segment about SS7 network flaws, and re-broadcast it showing a real-time hack of a US senator’s phone, substantially raising the visibility of this in the US;

  • A year later in April 2017, the Department of Homeland Security issued a report titled “Study on Mobile Device Security.” This report stated “all US carriers are vulnerable to SS7 exploits, resulting in risks to national security, the economy, and the Federal Government’s ability to reliably execute national essential functions.”; and

  • In May of 2017, O2-Telefonica in Germany acknowledged an SS7 network attack that lead to customers having bank accounts broken into and emptied out.

Which brings us to two very recent events that are an indication of the increasing US government concern about the potential for SS7 networks to be exploited and how to prevent this from happening.

First was the August 24 public notice issued by the Federal Communications Commission (FCC) encouraging communications service providers to implement security countermeasures to prevent the exploitation of their SS7 network infrastructure. This FCC notice was issued to further raise concern that an SS7 network can (and will) be exploited to illegally gain subscriber information to conduct fraud and theft attacks. Read the official FCC notice yourself!

The second was a September 14 letter from US Senator Ron Wyden to the CEOs of ATT, Verizon, Sprint, and T-Mobile, in which he gave them 30 days to answer 10 questions on how they were addressing SS7 network vulnerabilities. He also requested copies of threat assessment reports these companies would have received from security firms retained to conduct SS7 penetration tests. You can find the letter Senator Wyden wrote to ATT here.

As a provider of SS7 network infrastructure, Sonus takes these security concerns very seriously. We have partnered with Cellusys to offer a joint solution that is designed prevent and mitigate the kinds of SS7 attacks described by the FCC and Senator Ron Wyden. Learn more about this innovative security offering here.

Ask Us Anything!

Ribbon's team of professionals are ready to answer your questions, guide you to the right solution or help you with your network design.