Diameter - The Fraudsters Are Circling

Posted Jun 2017

We have written consistently on this blog about the security weaknesses in SS7 signalling and the threat they hold for services such as SMS based two-factor authentication. The very real nature of this threat was all too amply demonstrated by the SS7 hack on O2 Telefonica’s network in Germany that led to an undisclosed number of customers having their bank accounts drained.

SS7 signalling is prevalent in 2G and 3G networks and some have argued that the risk factor will diminish as 4G and 5G become the dominant network technologies and usage of SS7 lessens.

Perhaps not surprisingly that is an argument we don’t have much time for. There is no upcoming reprieve because many of the existing weaknesses, and indeed some new ones, are also present in the Diameter signalling that drives 4G networks.

In Diameter signalling it is still possible to deny service to subscribers or entire locations; to intercept or listen to calls and read messages; and to track subscribers. This is not a problem that is going to go away as 2G and 3G networks fade into obscurity. In fact, because Diameter signalling uses an open standard from the IETF over an IP connection it is arguable that IT hackers have a greater understanding of this network technology than they do of traditional telecom networks.

The GSMA recognises this issue and we have been working closely with the Association helping to develop the guidelines contained in its reference document FS19, and we presented some of the findings and recommendations to the ETIS (Community of Telecoms Professionals) security group in Madrid earlier this month.

A key requirement going forward – especially as we look to future 5G networks – is that we need solutions that can deal with the past, present and the future. We’ll need integrated solutions that can handle attacks that cross different protocols and generations of technology.

Based on the experiences of today, there’s the opportunity to build much greater signalling and network security into 5G networks. In the meantime, we need to deploy security capable of combating SS7 and Diameter attacks on 2G and 3G networks and Diameter attacks on 4G networks.

As a reminder should anyone doubt the scale involved in 2G and 3G SS7 signalling today, our regular analysis of operator network data shows that 1 message every second is potentially fraudulent. As the attack in Germany proves there is no time to wait on SS7, and as far as Diameter signalling is concerned, the fraudsters are already circling.