Positive Technologies researchers show attacks such as SMS interception and location tracking can be performed through 2G and 3G networks today

Positive Technologies has published its SS7 network security analysis report, which shows that 2G and 3G networks could be putting the public at risk. The research is based on the networks of 28 telecom operators across Europe, Asia, Africa and South America between 2018 and 2019. It is the second in a four-part series on telecoms security in which Positive Technologies experts analyze SS7, Diameter, and GTP networks to demonstrate the extent of security problems in modern communication networks.

PT researchers simulated the actions of a potential intruder to reveal the flaws in the SS7 protocol, which is used to receive and distribute signaling messages. The risks arise because cybercriminals can potentially buy access to SS7 networks illegally on the dark web, and because SS7 has architectural security flaws. Due to vulnerabilities in the SS7 protocol, 2G and 3G networks are opening the door for hackers to potentially track a customer’s every move, listen in on calls, intercept SMS messages, instigate fraud or even strip them of service.

Dmitry Kurbatov, CTO of Positive Technologies, says, “From a customer’s point of view, it’s scary to think that the vulnerabilities in the network won’t mean that you know if your phone has been affected. So, messages, calls and your location can be tracked without your knowledge. Therefore, it’s the operators’ responsibility to stand guard and have visibility of their networks to be able to identify existing vulnerabilities and develop measures to mitigate the impact of these threats.”

Security researchers have warned about SS7 for decades; however, the vulnerabilities have become more severe in recent years. PT researchers have discovered that over the last three years, the percentage of vulnerable networks has increased in nearly all threat categories, such as information disclosure, location disclosure, interception of calls, fraud and subscriber DoS.

While the security of SS7 had been improving, progress has stalled. Operators have become so distracted by 5G, which promises to bring super-high-speed and ultra-low-latency benefits to customers, that they have neglected the risk of 2G and 3G not being protected.

Dmitry Kurbatov, CTO of Positive Technologies, continues: “Although there are talks amongst mobile operators to retire and shut down their 2G & 3G networks, GSMA reports that these previous generation networks will still be available to the public over the next 5 years. This means that SS7 won’t be a thing of the past anytime soon. Whilst operators have been hasty in turning their attention away from 2G & 3G, the reality is that the newer networks are also built using previous generation networks infrastructure, meaning they are plagued with the same SS7 security issues. For example, some 4G features are still dependent on 2G/3G systems, including sending SMS messages and establishing call connections.”

“What’s shocking is that according to ENISA, only 30 percent of EU telecom operators have implemented GSMA recommendations. That is not to say they are not taking the problem seriously. It’s just that the existing security tools they are using are not enough because SS7 is prone to vulnerabilities which are also caused by the occasional incorrect setup of equipment.”

“The first step is to make sure the right processes are in place to make sure operators do not have any blind-spots in their mobile networks. Only a comprehensive approach, which includes regular monitoring of any anomalies to detect illegitimate activities and by following GSMA guidelines, can operators ensure a higher level of protection against criminals. Operators need to make sure they learn from lessons of the past to avoid making the same mistakes with 4G & 5G.”