June 1, 2019
DEF CON China 2019
The mobile world is moving to 5G. However, there are billions of subscribers who still use old 2G and 3G networks. These networks rely on the SS7 (Signaling System #7) protocol stack that was developed in the 1970s. The SS7 stack was supposed to be used as an isolated network within a small club of large telephone operators, so nobody thought about upper-layer security mechanisms. Further development of SS7 brought the possibility of sending signaling traffic over IP networks. Thus, the SS7 stack got vulnerabilities “by-design” that allow an external intruder to perform such attacks as location tracking, service disruption, SMS and voice call interception. Mobile operators, equipment vendors, and non-commercial organizations (such as the GSMA - the association of mobile operators) are aware of the problem. They develop and implement security solutions mitigating threats from SS7 networks.