SS7 network security analysis report
February 18, 2020
Whilst the industry is distracted by 5G, Positive Technologies experts lift the lid on the vulnerabilities and threats which plague the 2G/3G networks. The SS7 protocol which is actively used in these previous generation networks can potentially open the floodgates for hackers to exploit - from tracking user location to listening in on calls. Positive Technologies’ SS7 network security analysis report is a deep-dive analysis of the SS7 network threats and recommendations of how telecom operators can protect themselves from this issue which will be a part of the telecoms ecosystems in years to come. The report monitored these vulnerabilities throughout 2019. Companies can use this insight to help them navigate the challenges throughout 2020.
5G signaling networks: blast from the past
December 18, 2019
Each generation of mobile networks must interoperate with previous ones. As a result, newer generations inherit the weaknesses of their predecessors. In the first of a series of four reports on telecom security, we look to tackle the misconception that 5G will not be affected by existing security vulnerabilities in mobile networks.
Internet Of Things (IoT) Security
December 12, 2019
The number of Internet of Things (IoT) devices is rapidly growing worldwide. Here are the main factors challenging the IoT security and how they can be managed.
First steps for mitigating Simjacker-related risks right now
September 17, 2019
There is nothing that subscribers can do about Simjacker attacks. The vast majority of mobile operators provide SIM cards with STK pre-installed. It is not possible to disable STK on the mobile device itself. Therefore, the job of security falls squarely with mobile operators. And now for the good news. Almost any operator equipment that handles SMS traffic has the capability to reduce the risk of Simjacker exploitation.
5G security issues
July 11, 2019
New-generation 5G networks will be based on existing technologies such as SS7 and Diameter—both of which contain plenty of vulnerabilities. The flexibility of 5G networks means a higher likelihood of configuration mistakes. Making things even more urgent is the growing number of vulnerable IoT devices. Achieving durable security will require concerted efforts by telecom vendors and operators.
Diameter vulnerabilities in the spotlight
June 13, 2018
Despite all the protection mechanisms in the Diameter protocol, networks and subscribers are still at risk. Attackers can exploit numerous SS7 vulnerabilities to successfully track subscriber location, cause denial of service, disconnect thousands of users, or downgrade connections to 3G. Here is our list of recommendations to mitigate security risks both for end users and operators.
SS7 vulnerabilities in the spotlight
March 5, 2018
The vast majority of SS7-based networks contain severe vulnerabilities. Criminals can intercept subscribers' voice calls and messages, commit fraud, and disrupt service availability. Check out our take on current SS7 security threats and recommendations for minimizing the odds of a successful attack.
Threats to packet core security of 4G networks
September 28, 2017
Billions of people worldwide use IoT infrastructure. However, manufacturers of IoT devices still give short shrift to security. Mobile operators tend to be poorly prepared for modern threats. Hackers can use multiple vulnerabilities in 4G networks to conduct attacks, including interception of text and email messages, call eavesdropping, and blocking of connections. Read our report regarding the main security threats to the centerpiece of 4G (LTE) networks.
Next-generation networks, next-level cybersecurity problems
August 8, 2017
In the last few years, mobile operators have made significant CapEx investment in next-generation networks. This includes switching from the SS7 signaling protocol, which dates back to the '70s, to Diameter. But even the newer protocol contains flaws that enable an attacker to eavesdrop, track location, and commit fraud, theft, and worse. Steps must be taken to safeguard against doomsday scenarios.