First steps for mitigating Simjacker-related risks right now
September 17, 2019
There is nothing that subscribers can do about Simjacker attacks. The vast majority of mobile operators provide SIM cards with STK pre-installed. It is not possible to disable STK on the mobile device itself. Therefore, the job of security falls squarely with mobile operators. And now for the good news. Almost any operator equipment that handles SMS traffic has the capability to reduce the risk of Simjacker exploitation.
5G security issues
July 11, 2019
New-generation 5G networks will be based on existing technologies such as SS7 and Diameter—both of which contain plenty of vulnerabilities. The flexibility of 5G networks means a higher likelihood of configuration mistakes. Making things even more urgent is the growing number of vulnerable IoT devices. Achieving durable security will require concerted efforts by telecom vendors and operators.
Diameter vulnerabilities in the spotlight, 2018
June 14, 2018
Despite all the protection mechanisms in the Diameter protocol, networks and subscribers are still at risk. Attackers can exploit numerous SS7 vulnerabilities to successfully track subscriber location, cause denial of service, disconnect thousands of users, or downgrade connections to 3G. Here is our list of recommendations to mitigate security risks both for end users and operators.
SS7 vulnerabilities in the spotlight, 2018
March 2, 2018
The vast majority of SS7-based networks contain severe vulnerabilities. Criminals can intercept subscribers' voice calls and messages, commit fraud, and disrupt service availability. Check out our take on current SS7 security threats and recommendations for minimizing the odds of a successful attack.
Threats to packet core security of 4G networks
September 28, 2017
Billions of people worldwide use IoT infrastructure. However, manufacturers of IoT devices still give short shrift to security. Mobile operators tend to be poorly prepared for modern threats. Hackers can use multiple vulnerabilities in 4G networks to conduct attacks, including interception of text and email messages, call eavesdropping, and blocking of connections. Read our report regarding the main security threats to the centerpiece of 4G (LTE) networks.
Next-generation networks, next-level cybersecurity problems
September 18, 2017
In the last few years, mobile operators have made significant CapEx investment in next-generation networks. This includes switching from the SS7 signaling protocol, which dates back to the '70s, to Diameter. But even the newer protocol contains flaws that enable an attacker to eavesdrop, track location, and commit fraud, theft, and worse. Steps must be taken to safeguard against doomsday scenarios.